addition to the FAQ: how to roll out IPBlock

Jeff A. Earickson jaearick at COLBY.EDU
Wed Nov 19 18:18:12 GMT 2003

> On the subject of specifying netblocks, CIDR addresses and other ranges, do
> you want
> 1) the limit to apply to the whole of the netblock in total?
> or
> 2) the limit to apply to each IP number in the netblock?
> It will affect the implementation quite a bit. I'm basically going to have
> to rewrite IPBlock to support these, and I don't want to do it more times
> than I have to :-)


   I would like a limit to apply to ech machine in the netblock instead
of the aggregrate traffic for the netblock.  If I have a IPBlock rule:

137.146.129    100

and machine sends 200 messages, then I want that IP
blocked, not the other numbers in that class C.  In playing with Net::CIDR,
it does not handle implied octets at all (eg "137.146.129" means
"") in range2cidr or cidrlookup.  I heard back from
Sam Varshavchik on my note about this, and his response is "garbage in,
garbage out".  Don't expect new changes in Net::CIDR, unless this crowd
adds them.  His code should handle implied octets, alas.

--- Jeff Earickson
    Colby College

More information about the MailScanner mailing list