pf: Efficiently specifying discontinuous IPv6 ranges
Matthew Seaman
matthew at FreeBSD.org
Fri May 11 16:48:57 UTC 2018
On 11/05/2018 16:28, Mark Raynsford via freebsd-net wrote:
> good_0 = 2a00:1450:400c:: - 2a00:1450:400c::1000
> good_1 = 2a04:4e42:600::200 - 2a04:4e42:600::400
> good_2 = 2001:1900:2254:206a::50:0
> good_3 = 2001:19f0:5:61d:f000::
> good_4 = 2001:4998:58:1836::10
You could also handle this using an address and mask style entry. For
instance,
2a00:1450:400c:: - 2a00:1450:400c::1000 should be equivalent to
2a00:1450:400c::/116 (2^12 = 8192 addresses)
plus
2a00:1450:400c::1000/128 (1 address)
and 2a04:4e42:600::200 - 2a04:4e42:600::400 should be equivalent to
2a04:4e42:600::200/119 (2^9 = 512 addresses)
plus
2a04:4e42:600::400/128 (1 address)
assuming a) I've counted the bits correctly and b) you meant your ranges
to be inclusive of the endpoints. It would be somewhat neater if the
range was eg. 2a00:1450:400c:: - 2a00:1450:400c::fff losing that one
last oddball address.
Cheers,
Matthew
More information about the freebsd-net
mailing list