#++ # NAME # cidr_table 5 # SUMMARY # format of Postfix CIDR tables # SYNOPSIS # \fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR # # \fBpostmap -q - cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR # DESCRIPTION # The Postfix mail system uses optional lookup tables. # These tables are usually in \fBdbm\fR or \fBdb\fR format. # Alternatively, lookup tables can be specified in CIDR # (Classless Inter-Domain Routing) form. In this case, each # input is compared against a list of patterns. When a match # is found, the corresponding result is returned and the search # is terminated. # # To find out what types of lookup tables your Postfix system # supports use the "\fBpostconf -m\fR" command. # # To test lookup tables, use the "\fBpostmap -q\fR" command as # described in the SYNOPSIS above. # TABLE FORMAT # .ad # .fi # The general form of a Postfix CIDR table is: # .IP "\fInetwork_address\fB/\fInetwork_mask result\fR" # When a search string matches the specified network block, # use the corresponding \fIresult\fR value. Specify # 0.0.0.0/0 to match every IPv4 address, and ::/0 to match # every IPv6 address. # # An IPv4 network address is a sequence of four decimal octets # separated by ".", and an IPv6 network address is a sequence # of three to eight hexadecimal octet pairs separated by ":". # # The \fInetwork_mask\fR is the number of high-order bits in # the \fInetwork_address\fR that the search string must match. # # Before comparisons are made, lookup keys and table entries # are converted from string to binary. Therefore table entries # will be matched regardless of redundant zero characters. # # Note: address information may be enclosed inside "[]" but # this form is not required. # # IPv6 support is available in Postfix 2.2 and later. # .IP "\fInetwork_address result\fR" # When a search string matches the specified network address, # use the corresponding \fIresult\fR value. # .IP "blank lines and comments" # Empty lines and whitespace-only lines are ignored, as # are lines whose first non-whitespace character is a `#'. # .IP "multi-line text" # A logical line starts with non-whitespace text. A line that # starts with whitespace continues a logical line. # TABLE SEARCH ORDER # .ad # .fi # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. # EXAMPLE SMTPD ACCESS MAP # .nf # /etc/postfix/main.cf: # smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... # # /etc/postfix/client.cidr: # # Rule order matters. Put more specific whitelist entries # # before more general blacklist entries. # 192.168.1.1 OK # 192.168.0.0/16 REJECT # .fi # SEE ALSO # postmap(1), Postfix lookup table manager # regexp_table(5), format of regular expression tables # pcre_table(5), format of PCRE tables # README FILES # .ad # .fi # Use "\fBpostconf readme_directory\fR" or # "\fBpostconf html_directory\fR" to locate this information. # .na # .nf # DATABASE_README, Postfix lookup table overview # HISTORY # CIDR table support was introduced with Postfix version 2.1. # AUTHOR(S) # The CIDR table lookup code was originally written by: # Jozsef Kadlecsik # KFKI Research Institute for Particle and Nuclear Physics # POB. 49 # 1525 Budapest, Hungary # # Adopted and adapted by: # Wietse Venema # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA # # Wietse Venema # Google, Inc. # 111 8th Avenue # New York, NY 10011, USA #--