Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] IP address subnet notation
- Date: Mon, 16 Nov 2020 06:51:50 +0000
- From: "Hitchen, Greg (IM&T, Kensington WA)" <Greg.Hitchen@xxxxxxxx>
- Subject: Re: [HTCondor-users] IP address subnet notation
OK, answering my own question.
It appears you can use the format xxx.yyy.176.0/20
I couldn't find anything in the manual/documentation but did find (via google) a presentation that had examples:
ALLOW_WRITE = *
ALLOW_WRITE = goose.cs.wisc.edu
ALLOW_WRITE = *.cs.wisc.edu
ALLOW_WRITE = 128.105.*
ALLOW_WRITE = 128.105.0.0/16
So it seems to work OK using that last format from some limited testing I did.
It would be helpful though if someone could just confirm this.
Thanks
Cheers
Greg
-----Original Message-----
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Hitchen, Greg (IM&T, Kensington WA)
Sent: Monday, 16 November 2020 12:02 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [ExternalEmail] [HTCondor-users] IP address subnet notation
Hi All
I would like to add some subnets to DENY_READ and DENY_WRITE
Not so bad if you just want to block something like 174.23.57.*
However I have a list of subnets like xxx.yyy.176.0/20 which equates to xxx.yyy.(176-191).*, i.e.
xxx.yyy.176.*, xxx.yyy.177.*, xxx.yyy.178.*, ......, etc. up to xxx.yyy.191.*
i.e. 16 subnets, and I have multiple of these, although not all /20. Some are /21 (8 subnets) and some /22 (4 subnets)
I think I know the answer, but I'm hoping there might be a shorthand way rather than having to list every single subnet,
otherwise there will be 58 single subnets to list. â
Thanks
Cheers
Greg
P.S. The subnets in question are ranges within our internal network, BUT specifically allocated to our VPN services.
We do not want machines (laptops) as part of the pool when VPN'ed in.
Note that this is a "just in case strategy" as the NETWORK_INTERFACE settings will only allow IPs within our internal
network to start up HTCondor anyway, which will be the case for machines at home as they will have an IP of their home
network when booted up and HTCondor tries to start. We want the DENY statements in case HTCondor gets restarted
AFTER a machine has VPN'ed in.
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/