On Sun, 25 Jul 2010 19:10:42 -0700, <Kevin.Buckley_at_[hidden]> wrote:
> I recall you said you had machines numbered 192.168.10.1xx ?
>
> If so, then 192.168.10.0/24 ("slash 24") would be slightly better
> for you than "slash 8" as that at least narrows things down to all
> numeric addresses starting with:
>
> 192.168.10.
>
> If you just wanted to "trust" to a single machine then this:
>
> 192.168.10.100/32
>
> represents, in the syntax you have already seen in use, the single
> machine, 192.168.10.100.

Thanks! The syntax wasn't explained in any of the info I found - which
included nothing so basic as a manual or HowTo doc - so I was trying to
guess from examples. I figured that /8 meant "mask off the last 8 bits",
but apparently it's "mask everything but the first 8".

> Without wishing to make too many guesses as to what FW_TRUSTED_NETS
> is doing but assuming that you can assign more than one "netmask" in
> there and armed with the info above, you could add all of your own
> machines individually by making:
>
> FW_TRUSTED_NETS
>
> take the values (three machine range, 101 -> 103 here)
>
> 192.168.10.100/32 192.168.10.101/32 192.168.10.102/32
>
> and so on: basically, treating each machine as a trusted "network"
> of one machine.

It also allows listing of individual machines, e.g. "192.168.10.100
192.168.10.101 192.168.10.102...", but I figured it could get tedious
updating the list on every machine each time I add one.

Thanks,
James
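
An added example, not part of the original messages: the prefix lengths discussed in this thread, worked through with Python's standard ipaddress module to show how many addresses each trusted-net entry covers and which hosts it would match. The function name, the sample entry list and the host addresses are constructed for illustration, and the space-separated list format is assumed from the thread.

```python
import ipaddress

def audit_trusted_nets(value, hosts):
    """Report, for each entry of a space-separated trusted-nets value,
    its netmask, how many addresses it covers, and which hosts fall inside."""
    report = []
    for entry in value.split():
        # /N keeps the FIRST N bits fixed; strict=False tolerates host bits
        # being set in the entry (192.168.10.0/8 is read as 192.0.0.0/8).
        # A bare address with no /N is parsed as a /32 (single host).
        net = ipaddress.ip_network(entry, strict=False)
        matched = [h for h in hosts if ipaddress.ip_address(h) in net]
        report.append({
            "entry": entry,
            "network": str(net),
            "netmask": str(net.netmask),
            "addresses": net.num_addresses,
            "matched": matched,
        })
    return report

# Constructed sample data: two LAN machines, a neighbouring subnet,
# a documentation-range address and an unrelated private address.
SAMPLE_HOSTS = [
    "192.168.10.100",
    "192.168.10.101",
    "192.168.11.5",
    "192.0.2.7",
    "10.0.0.1",
]
# Constructed entry list covering each form mentioned in the thread.
SAMPLE_VALUE = "192.168.10.0/8 192.168.10.0/24 192.168.10.100/32 192.168.10.100"

if __name__ == "__main__":
    for row in audit_trusted_nets(SAMPLE_VALUE, SAMPLE_HOSTS):
        print(f'{row["entry"]:>20} -> {row["network"]:<18} '
              f'mask {row["netmask"]:<15} {row["addresses"]:>9} addrs, '
              f'matches {row["matched"]}')
```
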