{"id":4516,"date":"2014-11-19T15:51:00","date_gmt":"2014-11-19T13:51:00","guid":{"rendered":"http:\/\/skeletor.org.ua\/?p=4516"},"modified":"2017-01-23T11:12:59","modified_gmt":"2017-01-23T09:12:59","slug":"ip-range-in-firewalls","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=4516","title":{"rendered":"IP range in firewalls"},"content":{"rendered":"<h2><strong><span style=\"color: #0000ff;\">PF<\/span><\/strong><\/h2>\n<p><code># grep test \/etc\/pf.conf<br \/>\ntest=\"{ 10.0.0.1 - 10.0.0.100 }\"<br \/>\nblock in quick on $ext_if from $test<br \/>\n# pfctl -nvf \/etc\/pf.conf | grep 10.0<br \/>\ntest = \"{ 10.0.0.1 - 10.0.0.100 }\"<br \/>\nblock drop in quick on em1 inet from 10.0.0.1 - 10.0.0.100 to any<\/code><\/p>\n<p>\u041d\u043e \u0443 \u043c\u0435\u043d\u044f \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e \u044d\u0442\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u043d\u0430 <strong>FreeBSD<\/strong>.<\/p>\n<h2><strong><span style=\"color: #0000ff;\">iptables<\/span><\/strong><\/h2>\n<p><code>iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT<br \/>\niptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.100-192.168.1.200<\/code><\/p>\n<p>\u0412 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u0435\u0440\u0432\u043e\u043b\u0430\u0445 (<strong>ipfilter<\/strong>) \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0430 \u043d\u0435\u0442 \u0438 \u043f\u0440\u0438\u0434\u0451\u0442\u0441\u044f \u0440\u0430\u0437\u0431\u0438\u0432\u0430\u0442\u044c \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d \u043d\u0430 \u043f\u043e\u0434\u0441\u0435\u0442\u0438 <strong>CIDR<\/strong>.<\/p>\n<h2><span style=\"color: #0000ff;\"><strong>ipfw<\/strong><\/span><\/h2>\n<p><code>ipfw add allow all from\u00a01.2.3.0\/24{128,35-55,89}<\/code><\/p>\n<p>\u0412\u044b\u0434\u0435\u0440\u0436\u043a\u0430 \u0438\u0437 \u043c\u0430\u043d\u0430:<\/p>\n<blockquote><p><span style=\"color: #993366;\">As an example, an address specified as 1.2.3.4\/24{128,35-55,89}<\/span><br \/>\n<span style=\"color: #993366;\"> or 1.2.3.0\/24{128,35-55,89} will match the following IP<\/span><br \/>\n<span style=\"color: #993366;\"> addresses:<\/span><br \/>\n<span style=\"color: #993366;\"> 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .<\/span><\/p><\/blockquote>\n<p>\u0421\u043f\u0430\u0441\u0438\u0431\u043e \u043d\u0430\u0448\u0435\u043c\u0443 \u0447\u0438\u0442\u0430\u0442\u0435\u043b\u044e, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u043b \u0441\u0442\u0430\u0442\u044c\u044e \u043f\u0440\u043e <strong>ipfw<\/strong>.<\/p>\n<p>\u0415\u0441\u043b\u0438 \u0443 \u043a\u043e\u0433\u043e-\u0442\u043e \u043d\u0435 \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e, \u0432\u043e\u0442 <a href=\"http:\/\/www.ipaddressguide.com\/cidr#range\">\u0441\u0441\u044b\u043b\u043a\u0430<\/a> \u043d\u0430 \u0440\u0430\u0437\u0431\u0438\u0432\u043a\u0443 \u043d\u0430 \u043f\u043e\u0434\u0441\u0435\u0442\u0438<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PF # grep test \/etc\/pf.conf test=&#8221;{ 10.0.0.1 &#8211; 10.0.0.100 }&#8221; block in quick on $ext_if from $test # pfctl -nvf \/etc\/pf.conf | grep 10.0 test = &#8220;{ 10.0.0.1 &#8211; 10.0.0.100 }&#8221; block drop in quick on em1 inet from 10.0.0.1 &#8211; 10.0.0.100 to any \u041d\u043e \u0443 \u043c\u0435\u043d\u044f \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e \u044d\u0442\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u043d\u0430 FreeBSD. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,25],"tags":[],"class_list":["post-4516","post","type-post","status-publish","format-standard","hentry","category-freebsd","category-linux","category-openbsd"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/4516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4516"}],"version-history":[{"count":8,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/4516\/revisions"}],"predecessor-version":[{"id":5113,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/4516\/revisions\/5113"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}