Re: Access-lists

From: Denton Bobeldyk (denny@xxxxxxxxxxxxxx)
Date: Wed Dec 08 1999 - 13:59:44 GMT-3


   
As far as me and my 103 degree fever can tell:

Convert the numbers to binary (respectively):

10101001.00111011.11001010.????????
10101001.00111001.10001010.????????
This would give me a mask:
(Remember 0's mean check the corresponding bit, and 1's mean we don't care)
00000000.00000010.01000000.11111111

converted to decimal: 0.2.64.255

thus we could combine the first 2 into:
deny 169.59.140.0 0.2.64.255

The second two should go as follows:
10100001.10001010.00111001.????????
10101001.11001010.00111001.????????
Giving the following mask:
00001000.01000000.00000000.11111111

converted to decimal: 8.64.0.255

deny 161.140.57.0 8.64.0.255

For the last one, if you want to deny every even number in the 3rd
octet, the only bit you would want to check is the 1 bit. If the one bit
is set to '1', the number is going to be odd, else the number is even, so:

if the number has to begin with 172.1, our first 2 bytes in the subnet are going
to be 0.0 (meaning we have to check the bits).
Our third byte in the mask would be 11111110.
Meaning the only bit we're going to check is the last bit.
Then our corresponding network number to go with that
would be something like 00000000. We don't really care what we put
in for the first 7 bits, we just want to make sure that last bit is going to
be a 0.
I'm not sure what you wanted Y to be so:
deny 172.1.0.? 0.0.254.?
If Y was to be any host on the subnet then:
deny 172.1.0.0 0.0.254.255

Binary is soo coool.

Perhaps someone should check my math to make sure
my meds are making me hallucinate.

-Denny

Brett Summerville wrote:

> Could someone show me how to combine these deny statements into as few
> lines as possible?
>
> Deny source in 169.59.204.X
> Deny source in 169.57.140.X
> Deny source in 161.140.57.X
> Deny source in 169.204.57.X
>
> Also, deny every even subnet in 172.1.X.Y, where X is the subnet portion (24
> bit mask)
>
> Thanks,
>
> Brett
>
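
An added example, not part of the original thread: the XOR method described in the reply, applied to the addresses from the question, plus an expansion of every /24 the combined entry ends up matching. The function names (`combine`, `matches`, `covered_prefixes`) are hypothetical helpers written for this illustration, and the last octet is assumed to be fully "don't care" as in the question.

```python
import ipaddress
from itertools import product

HOST_BITS = 0x000000FF  # assumption: last octet is the "X" (any host)

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def combine(a, b, ignore=HOST_BITS):
    """Return (base, wildcard) for one ACL entry that matches both a and b."""
    wildcard = (to_int(a) ^ to_int(b)) | ignore   # differing bits become 1 (don't care)
    base = to_int(a) & ~wildcard & 0xFFFFFFFF      # zero out the don't-care bits
    return to_str(base), to_str(wildcard)

def matches(addr, base, wildcard):
    """Every bit that is 0 in the wildcard must equal the same bit in base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0

def covered_prefixes(base, wildcard):
    """Expand the don't-care bits in octets 1-3 to list every /24 matched."""
    b, w = to_int(base), to_int(wildcard)
    free = [1 << i for i in range(8, 32) if w & (1 << i)]
    found = set()
    for picks in product((0, 1), repeat=len(free)):
        value = b & ~w & 0xFFFFFF00
        for bit, on in zip(free, picks):
            if on:
                value |= bit
        found.add(to_str(value))
    return sorted(found, key=to_int)

if __name__ == "__main__":
    # Address pairs taken from the question, host octet set to 0
    for a, b in [("169.59.204.0", "169.57.140.0"),
                 ("161.140.57.0", "169.204.57.0")]:
        base, wc = combine(a, b)
        print(f"deny {base} {wc}")
        for prefix in covered_prefixes(base, wc):
            note = "" if prefix in (a, b) else "   <- not in the original list"
            print(f"    {prefix}/24{note}")
    # Even third octet in 172.1.X.Y: only the low bit of octet 3 is checked
    print(len(covered_prefixes("172.1.0.0", "0.0.254.255")), "even subnets matched")
```

Each pair differs in two bits, so each combined entry matches four /24s rather than two; the expansion makes the two extra prefixes visible before the entry goes into a deny list.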


