ASL white list ip range

Kalimari · **Posted:** Wed Jun 13, 2012 12:42 pm

Hi, does ASL firewall bl/wl support subnets as follows:

Code:

asl -wl 0x0.0x0.0x0.0x0/28
asl -wl 0x0.0x0.0x0.0x0/27

And is this the best way?
Yes... this is to allow a PCI scan to complete :!:

mikeshinn · **Posted:** Wed Jun 13, 2012 3:23 pm

Quote:

Hi, does ASL firewall bl/wl support subnets as follows:

Yes, the blacklist and whitelists support CIDRs.

Quote:

And is this the best way?

This:

asl -wl 0x0.0x0.0x0.0x0/28

I assume you just redacted the range, but if not, no that wont work its not valid.

Kalimari · **Posted:** Thu Jun 14, 2012 11:35 am

I take from your response that entering: 0x0.0x0.0x0.0x0/28 in /etc/asl/whitelist will work, but not via cli. Tested and working. Thanks

mikeshinn · **Posted:** Thu Jun 14, 2012 5:18 pm

It will work from the command line. For example, this:

asl -wl 10.0.0.0/8

Is valid.

This:

asl -wl 0x0.0x0.0x0.0x0/8

Thats not a valid address, its going to break lots and lots of things. You need to use a valid CIDR, in the form of decimals.

Kalimari · **Posted:** Fri Jun 15, 2012 3:25 am

OK, understood, the 0x0 was meant to represent decimal.decimal.decimal.decimal, my bad.

ASL white list ip range

Who is online