[syslog-ng]Filter question.
Balazs Scheidler
syslog-ng@lists.balabit.hu
Tue, 29 Apr 2003 15:21:10 +0200
On Mon, Apr 28, 2003 at 11:01:02PM -0400, Jay Davis wrote:
> If I set up a filter to allow messages from a wide spectrum of systems.
> (whole subnets) can I block a particular host that is a potential flood
> device. i.e. allow 10.1.20.* but block 10.1.20.36?
you can use the netmask() filter like this:
filter f_ip { netmask("10.1.20.0/24") and not netmask("10.1.20.36"); };
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1