matching a list of IPs
Sat, 15 Jul 2000 12:37:15 +0200
Samuel Krempp wrote:
> I think netFilter would be greater with rules that match packets whose
> src/dst IP (or MAC) *belongs* in a given list of addresses.
> Of course one can simply create a sequence of N rules (for a list of
> N addresses), but matching the address in a bitmap would
> improve the speed drastically in such a case.
> By Bitmap, I mean an array of 2^N bits, representing all the addresses
> of a given network (even for a class B net, N=16 and the memory needed
> isn't awfully big), with value 1 for addresses in the list and 0 for others.

I think we already have that functionality: You can specify a bitmap after the
slash aaa.bbb.ccc.ddd/mask. For Class C networks the mask is usually "24",
meaning "24 relevant bits", but you can specify a complete bitmask here, e.g.
.../255.255.255.240, masking out the last 16 IPs 240-255.

Did I get you wrong?
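
The two matching schemes discussed in this thread, sketched as an added example that is not part of the original messages and is not netfilter code: a 2^N-bit membership bitmap for one network (N=16) next to the address/mask comparison. The struct, the function names and the sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HOST_BITS 16                          /* N = 16, the class B case */
#define HOST_MASK ((1u << HOST_BITS) - 1)

struct ip_bitmap {
    uint32_t net;                             /* network part, host byte order */
    uint8_t  bits[(1u << HOST_BITS) / 8];     /* 2^16 bits = 8 KiB */
};

static uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Mark addr as a list member; returns -1 if it lies outside the network. */
static int bitmap_add(struct ip_bitmap *m, uint32_t addr) {
    uint32_t host = addr & HOST_MASK;
    if ((addr & ~HOST_MASK) != m->net) return -1;
    m->bits[host >> 3] |= (uint8_t)(1u << (host & 7));
    return 0;
}

/* One network check and one bit test, however many addresses are listed. */
static int bitmap_match(const struct ip_bitmap *m, uint32_t addr) {
    uint32_t host = addr & HOST_MASK;
    if ((addr & ~HOST_MASK) != m->net) return 0;
    return (m->bits[host >> 3] >> (host & 7)) & 1;
}

/* address/mask form: true when addr agrees with net on every mask bit. */
static int mask_match(uint32_t addr, uint32_t net, uint32_t mask) {
    return (addr & mask) == (net & mask);
}

/* Constructed sample list: two scattered hosts in 172.16.0.0/16. */
static int sample_list_match(uint32_t addr) {
    static struct ip_bitmap m;                /* static storage: starts zeroed */
    if (m.net == 0) {
        m.net = ip4(172, 16, 0, 0);
        bitmap_add(&m, ip4(172, 16, 3, 7));
        bitmap_add(&m, ip4(172, 16, 200, 41));
    }
    return bitmap_match(&m, addr);
}

int main(void) {
    printf("bitmap: .3.7=%d .3.8=%d\n", sample_list_match(ip4(172, 16, 3, 7)),
           sample_list_match(ip4(172, 16, 3, 8)));
    return 0;
}
```

The bitmap answers membership for any set of hosts inside the one network it covers, while `mask_match` accepts every address that shares the masked bits with the rule's address.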