CIDR block too large ?

Vernon Schryver vjs@calcite.rhyolite.com
Mon Oct 27 14:30:49 UTC 2003


> From: Krzysztof Snopek <ksnopek@ely.pg.gda.pl>

> I need to include several campus networks in my grey_whitelist, so
> I put there something like
>
> ok	ip	a.b.c.d/19
>
> but running dbclean -Gi .....
> I see message
> "CIDR block lenhth in a.b.c.d/19 too large"
> Even /20 or /21 has similar effect; but /24 works OK. What is the
> reason of this limitation? Could it be removed?

There needs to be some limitation.  Consider what would happen to your
database and your filesystem if a.b.c.d/1 were allowed.  Remember that
the DCC uses checksums.  a.b.c.d/N is merely a short way to write the
equivalent 2**N whitelist lines.  a.b.c.d/1 would be a request to add
2,147,483,648 entries or a total of about 1 TByte to your database.

Thus the question is not whether the limitation must exist but its size.
Client white lists are limited to about 80K entries total, so the
limit should be small.  A /19 needs only 32 lines, so the /24 limit seems
tolerable.

There may be better tactics than DCC whitelisting a /19.  For example,
can you use a sendmail access_DB and tell dccm to honor what sendmail
says about white- and blacklisting?


Vernon Schryver    vjs@rhyolite.com
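
An added example, not part of the original message and not DCC code: one way to stay within the /24 limit discussed above is to split each larger campus block into /24 lines before running dbclean. The function names, the sample networks, and the choice to count every covered address against the "about 80K entries" figure are assumptions made for illustration; the `ok ip` line format is copied from the question.

```python
import ipaddress

MAX_PREFIX = 24        # largest block size the thread reports as accepted
ENTRY_BUDGET = 80_000  # "about 80K entries" from the reply, used as a rough cap


def expand(net, max_prefix=MAX_PREFIX):
    """Split one IPv4 network into blocks no larger than /max_prefix."""
    if net.version != 4:
        raise ValueError(f"only IPv4 is handled here: {net}")
    if net.prefixlen >= max_prefix:
        return [net]  # already small enough, keep as written
    return list(net.subnets(new_prefix=max_prefix))


def whitelist_lines(cidrs, max_prefix=MAX_PREFIX, budget=ENTRY_BUDGET):
    """Return (lines, covered_addresses) for a list of CIDR strings.

    Overlapping or duplicate inputs are merged first so no address is
    counted twice. Raises ValueError when the covered addresses exceed
    the budget, which is the case where another mechanism is the better fit.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    merged = ipaddress.collapse_addresses(nets)
    blocks = [b for n in merged for b in expand(n, max_prefix)]
    total = sum(b.num_addresses for b in blocks)
    if total > budget:
        raise ValueError(
            f"{total} addresses exceed the assumed budget of {budget}"
        )
    return [f"ok\tip\t{b}" for b in blocks], total


if __name__ == "__main__":
    # Constructed sample input: two campus ranges, one of them a /19.
    campus = ["10.20.0.0/19", "10.20.32.0/21"]
    lines, total = whitelist_lines(campus)
    print(f"# {len(lines)} lines covering {total} addresses")
    print("\n".join(lines))
```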


