Trying to filter out 4 IP ranges, 3 can use CIDR..... suggestions?

Follow
Avatar
Keith Dixon

Here's the overall goal:
I have 4 IP ranges. I need to filter out results from the firewall for these 4 ranges.

Here's the challenge:
3 of these IP ranges I can use a CIDR range, 1 range is 5 IP's shy of being able to use CIDR on it as well.

What would be the best approach to accomplish this?

0

Comments

1 comment

Sort by Date Votes
  • Official comment
    Avatar
    Matt Sullivan

    First I would definitely upvote idea 1834 which asks for CIDR based lookup tables. Meantime I would just do something like this:

    | where !(ip="127.0.0.1" or ip="127.0.0.2" or compareCIDRPrefix("10.10.1.32", ip, toInt(27)))

    replacing the individual IPs and ranges of your own, and add more or clauses as req'd.  basically the equality check and compareDICRPrefix operators both return boolean so code similar to above should do the trick

    Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post