next »

[jimp]

I just committed support for adding IP ranges in aliases, and it could use some testing.

How it works is that you can, on the alias editing screen, enter an IP range such as 192.168.0.1-192.168.0.254 and it will turn that into a bunch of CIDR subnets which fill the requested range, which will then be entered as separate alias lines. If you enter a range which is neatly summarized in one subnet (e.g. 192.168.0.0-192.168.0.255) it will result it just one subnet with the proper CIDR mask.

See the attached screenshots for an example. So far the ugliest one I've been able to do is pretty much the worst case- 0.0.0.1-255.255.255.254, which results in over 60 subnets.

If you update to a snapshot which is timestamped after this post (or gitsync from a recent snapshot), give it a try and let me know if something breaks.

[nocer]

hi jimp,

this is what i've been wainting for to be implemented since before i was born... just did some cidr tests with the latest build and looks like it hurts nothing, yet. it clearly divides into cidr blocks correctly as far as i've done on my box. i have a bunch of nasty/dirty aliases which can be consolidated to be a very few lines by using this and saves me alot! i will let you know if something happens. thanks again.

cheers

[jimp]

I've been tossing test data at the algorithm I wrote for a few days and fixed a few bugs and corner cases, so I think it's pretty solid but it's always the things we don't think of that come back to bite us!

Thanks for helping to test it, let me know if you find any weirdness.

The most likely thing to happen would be what appears to be a hard lock or freeze if it gets caught in a loop or infinite recursion. It shouldn't be able to happen, the way it's coded now, but again -- it's definitely worth testing to be sure.

[nocer]

Hello jimp,

It's been a while since started playing with your alias tricks, looks like it's rock solid, have never seen any glitch/freeze/loop whatever I never ever welcomed. Great tool indeed. Now as a novice player, I'd think it would better if I can specify a local text file(locally saved file either on PC and/or pfbox), just like config file, because I have a bunch of text files which contains addrs saved in cidr format so that I wouldn't have to put in one-by-one. Of course there's an option to specify URL instead but using text file is way easier. I dunno how much it costs you but please think about it...

cheers,

[jimp]

There already exists a bulk import in 2.0

On the alias list screen, there is a little up-arrow "^" at the bottom. Click that, and you can paste in a large list of alias entries, one per line.

[nocer]

Thx jimp,

Well, what I meant to say was that I knew there's a "bulk" import but it actually creates table like;
(no offending, just as an example )

# User Aliases
table <Blah> {   58.14.0.0/15  58.16.0.0/13  58.24.0.0/15  58.30.0.0/15  58.32.0.0/11  
58.66.0.0/15  58.68.128.0/17  58.82.0.0/15  58.87.64.0/18  58.99.128.0/17  58.100.0.0/15  
58.116.0.0/14  58.128.0.0/13  58.144.0.0/16  58.154.0.0/15  58.192.0.0/11  58.240.0.0/12  
59.32.0.0/11  59.64.0.0/12...(snip)}

and table gets bigger and bigger, so does rules in the pf, and I already having difficulties to maintain
those lists within a /tmp/rules.debug.

Now come to the first, if I could import a text file itself, pfbox may create the following instead
of putting a whole bunch of cidr/host lines;

table <Blah> persist file \"/var/db/filename\"

which makes my life alot easier.

just my $.02
cheers,

[jimp]

The point of the GUI is that you don't have to worry or even know about /tmp/rules.debug.

[nocer]

jimp,

the point of GUI, yes I agree with you but I am not that good at GUI and more or less CUI guy so
like to keep rules cleaner and smaller in terms of # of lines... Well, it can be done by applying some
quick diy patch for filter.inc so I will...anyway thanks a lot for your time and effort.

cheers,

[jnorell]

I used this feature with 2010/06/01 snapshot and noticed the Description field does not carry over to all the generated cidr blocks.

Eg. I added two ip ranges, both with a Description, and that expanded to 12 cidr blocks in my case; the first two retained the Description I entered, but all the others were empty.  It'd probably be nice to at least duplicate that (I would have preferred that), and/or fill the Description with a note that says it was "expanded from ip range blah-blah" or so.

[jimp]

I'll have to revisit that. I thought I had it duplicate the description but apparently not. :-)

It's been a while since I worked on it.

[jimp]

That is the package on 1.2.3, not code from 2.0. This topic is for the 2.0 version only.