[tac_plus] Adding a /29 network on acl

Alan McKinnon alan.mckinnon at gmail.com
Wed Apr 10 21:09:06 UTC 2013


On 10/04/2013 21:58, Asif Iqbal wrote:
> Hi All,
> 
> I see examples of /24 and /16 in tac_plus.conf(5). How would you add a /29
> for an acl?
> 
> Thanks
> 

The short answer is that you don't :-(

The ACL is not a network address so you cannot use any of the familiar
network notations. It is a regex so you have to express it as a regex.
And that depends highly on the addresses you are working with.

Using for example 10.0.0.8/29, I would do this:

acl = whatever {
	permit = "^10\.0\.0\.[89]$"
	permit = "^10\.0\.0\.1[012345]$"
}

Note how I used two lines; it just seems easier like that.

Or, a /29 is just 8 lines, so maybe I would just list all 8 individually
and spare myself the pain of expanding the addresses and figuring out
the regex.

The long answer is that to do it right, you patch the code to be able to
deal with addresses properly as addresses, announce your patch here, and
legions of sysadmins will be eternally grateful.


-- 
Alan McKinnon
alan.mckinnon at gmail.com
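Added example, not from the original thread or the tac_plus project: a small script that does the "expanding the addresses and figuring out the regex" step for any IPv4 CIDR, renders the acl block, and then checks the resulting regexes against every address in the block plus a few that sit just outside it (the usual way an ACL regex ends up over-permissive is a missing anchor or an unescaped dot). It assumes the tac_plus regex engine accepts a plain POSIX-style dialect (anchors, groups, alternation, character classes); the function names are mine.

```python
import ipaddress
import re
from typing import Dict, List

# One decimal octet 0-255 built from anchors, groups, alternation and character
# classes only; \d and {n} are avoided on the assumption that the tac_plus regex
# engine is a plain POSIX-style dialect that may lack them.
FULL_OCTET = "([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"

def cidr_to_acl_regexes(cidr: str) -> List[str]:
    """Anchored regexes that together match exactly the IPv4 block.

    One regex per distinct first-three-octet prefix (a /29 gives one line,
    a /23 gives two). Dots are escaped and ^...$ applied so that a pattern
    for 10.0.0.8 cannot also admit 10.0.0.80.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only")
    groups: Dict[str, List[str]] = {}
    for addr in net:  # iteration includes network and broadcast addresses
        prefix, last = str(addr).rsplit(".", 1)
        groups.setdefault(prefix, []).append(last)
    regexes = []
    for prefix, lasts in groups.items():
        tail = FULL_OCTET if len(lasts) == 256 else "(" + "|".join(lasts) + ")"
        regexes.append("^" + re.escape(prefix) + r"\." + tail + "$")
    return regexes

def render_acl(name: str, cidr: str) -> str:
    """Emit a tac_plus.conf acl block (tab-indented like the one above)."""
    body = [f'\tpermit = "{r}"' for r in cidr_to_acl_regexes(cidr)]
    return "\n".join([f"acl = {name} {{", *body, "}"])

def check_regexes(cidr: str, regexes: List[str]) -> bool:
    """True only if every address in the block matches and the two neighbouring
    addresses plus an unanchored look-alike (10.0.0.80 for 10.0.0.8/29) do not."""
    net = ipaddress.ip_network(cidr, strict=False)
    compiled = [re.compile(r) for r in regexes]
    hit = lambda s: any(c.match(s) for c in compiled)
    if not all(hit(str(a)) for a in net):
        return False
    first, last = net.network_address, net.broadcast_address
    decoys = [str(first) + "0"]  # classic match for a pattern missing its $
    if int(first) > 0:
        decoys.append(str(first - 1))
    if int(last) < 2 ** 32 - 1:
        decoys.append(str(last + 1))
    return not any(hit(d) for d in decoys)
```

Running `check_regexes("10.0.0.8/29", [...])` on the two hand-written lines above returns True, while the same pattern with the trailing `$` dropped fails on 10.0.0.80.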


