[Info-vax] What is definition of a network for TCPIP SET /ACCEPT=NETWORK?
Steven Schweda
sms.antinode at gmail.com
Thu Nov 18 13:13:25 EST 2021
> The site has 7 full IP ranges to allow (this is just 3). How would you
> enter them?
Define "full IP range". But first:
tcpip show version
tcpip show service SSH /full
How _I_ would specify them would depend on what they actually are.
For example, "a.b.242.0:255.255.255.0,a.b.243.0:255.255.255.0" might
have been reduced to "a.b.242.0:255.255.254.0". But, before I did
anything, I'd clean out what's there now:
set service SSH /accept = nonetworks = *
My accept/reject script files include helpful(-to-me) comments like
these:
! Popular netmasks:
!
! 11111111 /8 = 255 11111110 /7 = 254 11111100 /6 = 252 11111000 /5 = 248
!
! 11110000 /4 = 240 11100000 /3 = 224 11000000 /2 = 192 10000000 /1 = 128
> The limit is 16 which I took to mean 16 network specifications not 16
> IPs?
Define "IPs".
https://en.wikipedia.org/wiki/Internet_Protocol
https://en.wikipedia.org/wiki/IP_address
I'd expect it to take 16 subnet specifications, but they do
accumulate.
I generally do /reject, not /accept, but my scripts all start with
commands like:
set service XXXX /reject = nohost = *
set service XXXX /reject = nonetworks = *
and then build upon the resulting clean slates. I don't hit any
unexpected limits. (But higher limits would be helpful to me.)
More information about the Info-vax
mailing list