[sane-devel] need network syntax for saned.conf

ToddAndMargo ToddAndMargo at zoho.com
Sun Nov 26 08:39:51 UTC 2017 

On 11/25/2017 09:48 PM, Olaf Meeuwissen wrote:
> Hi,
> 
> ToddAndMargo writes:
> 
>>>
>>> Le samedi 25 novembre 2017, 01:38:56 ToddAndMargo a écrit :
>>>> Hi All,
>>>>
>>>> In saned.conf,
>>>>
>>>> what is the proper syntax to allow all IP from a particular network:
>>>>
>>>>          192.168.100.0/24
>>>>
>>>> and what is the syntax allow a range of networks:
>>>>
>>>>          192.168.100.0/24 through 192.168.105.0/24
>>>>
>>>>
>>>> Many thanks,
>>>> -T
>>>
>>
>> On 11/25/2017 02:05 AM, e.marc at orange.fr wrote:
>>   > Hello Sir,
>>   >
>>   > I'm not a specialist of sane but my search engine with "man
>> saned.conf" gave
>>   > me the following page
>>   > https://linux.die.net/man/8/saned
>>   > where I see an example
>>   > 	# Access list
>>   > 	scan-client.somedomain.firm
>>   > 	# this is a comment
>>   > 	192.168.0.1
>>   > 	192.168.2.12/29
>>   > 	[::1]
>>   > 	[2001:7a8:185e::42:12]/64
>>   >
>>   > Is it clear enough?
>>   >
>>   > Have a nice Saturday
>>   >
>>   > Regards
>>
>>
>> Actually no.
>>
>> I had found that portion, but got frustrated with them
>> calling "hostnames" as "IP addresses".  Not the same
>> thing.  Hostname is before the IP address is resolved.
> 
> You're right that host names and IP addresses are not the same thing,
> but the saned manual page says:
> 
>    The access list is a list of host names, IP addresses or IP subnets
>    (CIDR notation)
> 
> It doesn't say they are the same thing.  It just says that you can use
> whatever combination of these three is most convenient for you.

I have to go and find where I got the misunderstanding.  One of
the pains-in-the -neck of RHEL is that EVERYTHING is deliberately 
out-of-date.  Man pages are often wrong.

> 
>> And "192.168.2.12/29" which only gives you a single IP
>> address with its subnet mask.
> 
> Using that would allow access from all eight IPv4 addresses that have
> the same 29 initial bits as 192.168.2.12.  Please note that the CIDR
> notation was introduced exactly to allow addressing on arbitrary bit
> boundaries.
> 
> See https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

 From the above link:

      For example:

         192.168.100.14/24 represents the IPv4 address 192.168.100.14
         and its associated routing prefix 192.168.100.0, or
         equivalently, its subnet mask 255.255.255.0, which has 24
         leading 1-bits.

         the IPv4 block 192.168.100.0/22 represents the 1024 IPv4
         addresses from 192.168.100.0 to 192.168.103.255.

Which was my complaint with "192.168.2.12/29" which only refers
to one IP address, not all the IPs in its mask (not the block).

If you wanted everyone in 29's mask (the block), it would have
been written as 29's broadcast address, not a member of the mask:
     192.168.100.12/29
meaning 192.168.100.12 to 15

> 
>> The above line shows that
>> you do not need the subnet mask.  xxx.xxx.xxx.0/24
>> tells you  all the IP's from xxx.xxx.xxx.1 to 255
>>
>> Can I get away with 192.168.222.0/23?  That would
>> be 192.168.222 to 223. 1 to 255
> 
> Yes.
> 
> Hope this helps,

Yes it does!  Thank you!

Are you able to look at my error log over on
"[sane-devel] where is my socket error?"

This dog (PDF Studio) don't hunt (read saned)!

More information about the sane-devel mailing list