[Info-vax] What is definition of a network for TCPIP SET /ACCEPT=NETWORK?
Dymaxion Development
dymaxion.info at gmail.com
Fri Nov 19 09:55:08 EST 2021
On Thursday, November 18, 2021 at 2:13:31 PM UTC-4, Steven Schweda wrote:
> > The site has 7 full IP ranges to allow (this is just 3). How would you
> > enter them?
> Define "full IP range". But first:
>
> tcpip show version
>
> tcpip show service SSH /full
>
> How _I_ would specify them would depend on what they actually are.
> For example, "a.b.242.0:255.255.255.0,a.b.243.0:255.255.255.0" might
> have been reduced to "a.b.242.0:255.255.254.0". But, before I did
> anything, I'd clean out what's there now:
>
> set service SSH /accept = nonetworks = *
>
> My accept/reject script files include helpful(-to-me) comments like
> these:
>
> ! Popular netmasks:
> !
> ! 11111111 /8 = 255 11111110 /7 = 254 11111100 /6 = 252 11111000 /5 = 248
> !
> ! 11110000 /4 = 240 11100000 /3 = 224 11000000 /2 = 192 10000000 /1 = 128
> > The limit is 16 which I took to mean 16 network specifications not 16
> > IPs?
> Define "IPs".
>
> https://en.wikipedia.org/wiki/Internet_Protocol
> https://en.wikipedia.org/wiki/IP_address
>
> I'd expect it to take 16 subnet specifications, but they do
> accumulate.
>
> I generally do /reject, not /accept, but my scripts all start with
> commands like:
>
> set service XXXX /reject = nohost = *
> set service XXXX /reject = nonetworks = *
>
> and then build upon the resulting clean slates. I don't hit any
> unexpected limits. (But higher limits would be helpful to me.)
Thanks for your reply. By full IP range, I meant a.b.1.1 through a.b.255.255. IPs is just a single IP regardless of subnet mask.
I did the TCPIP SHOW SERVICE SERVICE /FULL and there were 13 other settings beforehand. D'oh. I was told there were none. So I mistook that it meant 16 individual IPs and not IP ranges or networks.
Thanks for your help!
More information about the Info-vax
mailing list