addition to the FAQ: how to roll out IPBlock
Jeff A. Earickson
jaearick at COLBY.EDU
Wed Nov 19 18:18:12 GMT 2003
> On the subject of specifying netblocks, CIDR addresses and other ranges, do
> you want
> 1) the limit to apply to the whole of the netblock in total?
> 2) the limit to apply to each IP number in the netblock?
> It will affect the implementation quite a bit. I'm basically going to have
> to rewrite IPBlock to support these, and I don't want to do it more times
> than I have to :-)
I would like a limit to apply to ech machine in the netblock instead
of the aggregrate traffic for the netblock. If I have a IPBlock rule:
and machine 184.108.40.206 sends 200 messages, then I want that IP
blocked, not the other numbers in that class C. In playing with Net::CIDR,
it does not handle implied octets at all (eg "137.146.129" means
"220.127.116.11/24") in range2cidr or cidrlookup. I heard back from
Sam Varshavchik on my note about this, and his response is "garbage in,
garbage out". Don't expect new changes in Net::CIDR, unless this crowd
adds them. His code should handle implied octets, alas.
--- Jeff Earickson
More information about the MailScanner