Mailinglist Archive: opensuse-security (511 mails)
| < Previous | Next > |
Re: [suse-security] SuSEfirewall2: are these IPs private or not?
- From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Aug 2001 22:41:37 +0200
- Message-id: <200108282041.f7SKfbt27949@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Tuesday 28 August 2001 21.30, Steffen Dettmer wrote:
> * Thomas Nowak wrote on Tue, Aug 28, 2001 at 09:47 +0200:
> > Dieter Huerten wrote:
> > > > 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> > > > 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> > > > 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
> >
> > echo "$PART1" | $GREP -Eq '^10\.|^172\.1|^192\.168\.' || {
> > echo "Warning: The network $DEV_IP you want to masquerade is not from a
> > private network"
> > echo ' e.g. 10.0.0.0/8, 172.16.0.0/11 or 192.168.0.0/16 - change
> > this!' }
> > So he looks only if the address begin with 172.1*
> > not very RFC konform :-)
>
> should be changed. Well, I have no nice idea about a real cool
> regex, but:
>
> echo "$PART1" | $GREP -Eq \
> '^10\.|^172\.(16|17|18|19|2.|30|31)\.|^192\.168\.' ....
>
> should work. Improvements?
I forgot one comment
I don't think it can be done with a simple regexp, but you need to check the
netmask as well. 10.0.0.0/4 isn't private
>
> oki,
>
> Steffen
Anders
> * Thomas Nowak wrote on Tue, Aug 28, 2001 at 09:47 +0200:
> > Dieter Huerten wrote:
> > > > 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> > > > 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> > > > 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
> >
> > echo "$PART1" | $GREP -Eq '^10\.|^172\.1|^192\.168\.' || {
> > echo "Warning: The network $DEV_IP you want to masquerade is not from a
> > private network"
> > echo ' e.g. 10.0.0.0/8, 172.16.0.0/11 or 192.168.0.0/16 - change
> > this!' }
> > So he looks only if the address begin with 172.1*
> > not very RFC konform :-)
>
> should be changed. Well, I have no nice idea about a real cool
> regex, but:
>
> echo "$PART1" | $GREP -Eq \
> '^10\.|^172\.(16|17|18|19|2.|30|31)\.|^192\.168\.' ....
>
> should work. Improvements?
I forgot one comment
I don't think it can be done with a simple regexp, but you need to check the
netmask as well. 10.0.0.0/4 isn't private
>
> oki,
>
> Steffen
Anders
| < Previous | Next > |