From: Bob Usa (boby2kusa@hotmail.com)
Date: Sat Mar 01 2003 - 03:46:33 GMT-3
I have not sat down and calculated this but if you transform the decimal ip
to binaries you can find one or two line to cover all the networks witht eh
proper mask but of course, you will not be able to create one of two lines
that will cover the four specific networks, no.
>From: "OhioHondo" <ohiohondo@columbus.rr.com>
>Reply-To: "OhioHondo" <ohiohondo@columbus.rr.com>
>To: "xin tang" <tonyxintang@yahoo.com>, <ccielab@groupstudy.com>
>Subject: RE: Access-list
>Date: Sat, 1 Mar 2003 00:00:32 -0500
>
>xin
>
>I looked at this. I think someone is pulling your chain. (wasting your
>time)
>
>The 4 lines in the original deny list seem to be the best. You could get it
>down to 2 lines fairly easily (you can find the wildcard mask of any 2 IP
>nets by doing an exclusive OR on them) but there is no way that I can see
>to
>get your 4 entries down to 1 without, as you noted, letting other nets in.
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>xin tang
>Sent: Friday, February 28, 2003 9:01 PM
>To: ccielab@groupstudy.com
>Subject: Access-list
>
>
>I saw a question somewhere which requires to configure
>an
>ACL using as few lines as possbile to accomplish this:
>
>deny tcp from subnet 102.17.63.0/24
>deny tcp from subnet 126.22.61.0/24
>deny tcp from subnet 111.22.57.0/24
>deny tcp from subnet 125.33.101.0/24
>and permit all other ip traffic
>
>The solution is something like
>
>access-list 110 deny tcp 100.0.33.0 27.55.94.255 any
>access-list 110 permit ip any any
>
>However, this ACL will block traffic from other
>subnets as well, for
>example, traffic from subnet 103.0.33.0/24 will be
>blocked.
>
>Any idea on a valid solution?
>
>Thanks.
>
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - forms, calculators, tips, more
>http://taxes.yahoo.com/
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:30 GMT-3