[sane-devel] need network syntax for saned.conf

Olaf Meeuwissen paddy-hack at member.fsf.org
Sun Nov 26 05:48:27 UTC 2017 

Hi,

ToddAndMargo writes:

>>
>> Le samedi 25 novembre 2017, 01:38:56 ToddAndMargo a écrit :
>>> Hi All,
>>>
>>> In saned.conf,
>>>
>>> what is the proper syntax to allow all IP from a particular network:
>>>
>>>         192.168.100.0/24
>>>
>>> and what is the syntax allow a range of networks:
>>>
>>>         192.168.100.0/24 through 192.168.105.0/24
>>>
>>>
>>> Many thanks,
>>> -T
>>
>
> On 11/25/2017 02:05 AM, e.marc at orange.fr wrote:
>  > Hello Sir,
>  >
>  > I'm not a specialist of sane but my search engine with "man
> saned.conf" gave
>  > me the following page
>  > https://linux.die.net/man/8/saned
>  > where I see an example
>  > 	# Access list
>  > 	scan-client.somedomain.firm
>  > 	# this is a comment
>  > 	192.168.0.1
>  > 	192.168.2.12/29
>  > 	[::1]
>  > 	[2001:7a8:185e::42:12]/64
>  >
>  > Is it clear enough?
>  >
>  > Have a nice Saturday
>  >
>  > Regards
>
>
> Actually no.
>
> I had found that portion, but got frustrated with them
> calling "hostnames" as "IP addresses".  Not the same
> thing.  Hostname is before the IP address is resolved.

You're right that host names and IP addresses are not the same thing,
but the saned manual page says:

  The access list is a list of host names, IP addresses or IP subnets
  (CIDR notation)

It doesn't say they are the same thing.  It just says that you can use
whatever combination of these three is most convenient for you.

> And "192.168.2.12/29" which only gives you a single IP
> address with its subnet mask.

Using that would allow access from all eight IPv4 addresses that have
the same 29 initial bits as 192.168.2.12.  Please note that the CIDR
notation was introduced exactly to allow addressing on arbitrary bit
boundaries.

See https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

> The above line shows that
> you do not need the subnet mask.  xxx.xxx.xxx.0/24
> tells you  all the IP's from xxx.xxx.xxx.1 to 255
>
> Can I get away with 192.168.222.0/23?  That would
> be 192.168.222 to 223. 1 to 255

Yes.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join

More information about the sane-devel mailing list