[rbldnsd] Exclusion Range
Michael Tokarev
mjt at tls.msk.ru
Thu Aug 21 14:30:19 MSD 2008
Bryan Hughes wrote:
> Is it possible to exclude a range of address with any of the range
> syntax such as
>
> !10.10
> !10.10.5-129
> or
> !10.8.60.0/24
>
> Or are there only single address exclusion entries?
Short answer is that more specific (ie, smaller) entry
(range) wins. If you've individual ip-addresses listed,
any /8 exclusion wont work. That was the intention,
anyway.
In reality things are a bit more.. interesting.
An exclusion of range /25 or smaller "wins" over a
single IP address (which is /32) or any other listing
of range /25 or more. An exclusion of size 17..24 bits
wins over any /17../24 listing. And so on.
It's all about ip4set, which is internally stored as
4 arrays, by-octet granularity. With ip4trie, things
are more natural.
I probably should document it all in the manual page.
> From what I've been testing it hasn't been working.
You didn't try /25 exclusions ;)
But may I ask please, WHY do you need such exclusions
in the first place?
More information about the rbldnsd
mailing list