Page 1 of 1

Tag Type : RANGE

Posted: Fri Feb 17, 2017 7:27 pm
by adsquaired
Hello,

I am porting over an extensive Iptables rule set from an OpenVPN server configuration to OpenVPN Access Server. To make things easier and clearer I am scripting the configuration of users, groups and ACLs with sacli.

Example Script Snippet

Code: Select all

./sacli --user Chain_1 --key group_declare --value True UserPropPut
./sacli --user Chain_1 --key prop_autologin --value false UserPropPut
./sacli --user Chain_1 --key prop_deny --value false UserPropPut
./sacli --user Chain_1 --key prop_superuser --value false UserPropPut
./sacli --user Chain_1 --key prop_block_ipv6 --value true UserPropPut
./sacli --user Chain_1 --key access_to.0 --value "+SUBNET:10.100.2.0/24:tcp/80" UserPropPut
I would prefer not to use the entire 10.100.2.0/24 and would rather use only what I need. 10.100.2.1-25.
My wishlist is to have support for something like this.

Code: Select all

./sacli --user Chain_1 --key access_to.0 --value "+RANGE:10.100.2.1-25:tcp/80" UserPropPut
Is there support for ranges in the filter rules?

Re: Tag Type : RANGE

Posted: Mon Feb 20, 2017 7:42 pm
by adsquaired
Additionally, is there support for +NAT Range as well as +SUBNET?