Trying to filter out 4 IP ranges, 3 can use CIDR..... suggestions?
Here's the overall goal:
I have 4 IP ranges. I need to filter out results from the firewall for these 4 ranges.
Here's the challenge:
For 3 of these IP ranges I can use a CIDR range; 1 range is 5 IPs shy of being able to use CIDR on it as well.
What would be the best approach to accomplish this?
Official comment
First, I would definitely upvote idea 1834, which asks for CIDR-based lookup tables. In the meantime I would just do something like this:
| where !(ip="127.0.0.1" or ip="127.0.0.2" or compareCIDRPrefix("10.10.1.32", ip, toInt(27)))
Replace the individual IPs and ranges with your own, and add more or clauses as required. Basically, the equality check and compareCIDRPrefix operators both return boolean, so code similar to the above should do the trick.
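An added example, not part of the original thread and not Sumo Logic's own code: a Python helper that splits a range that is not CIDR-aligned into exact CIDR blocks and emits a where clause in the form shown in the comment above. The function names and the 192.0.2.0 to 192.0.2.26 range (27 addresses, 5 short of a /27) are constructed for illustration; 10.10.1.32/27 and the ip field come from the comment.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last exactly."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is after range end {hi}")
    return list(ipaddress.summarize_address_range(lo, hi))


def exclusion_clause(networks, field="ip"):
    """Build the '| where !(...)' clause: /32 blocks become equality checks,
    everything else becomes a compareCIDRPrefix term."""
    terms = []
    for net in networks:
        if net.prefixlen == 32:
            terms.append(f'{field}="{net.network_address}"')
        else:
            terms.append(
                f'compareCIDRPrefix("{net.network_address}", {field}, '
                f"toInt({net.prefixlen}))"
            )
    return "| where !(" + " or ".join(terms) + ")"


def build_filter(cidrs, ranges, field="ip"):
    """Combine CIDR strings and (first, last) ranges into one clause."""
    # IPv4Network is strict by default: "10.10.1.33/27" (host bits set) is
    # rejected instead of silently widening or shifting the excluded block.
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    for first, last in ranges:
        nets.extend(range_to_cidrs(first, last))
    # Merge overlapping or adjacent blocks so the clause stays short.
    return exclusion_clause(list(ipaddress.collapse_addresses(nets)), field)


def is_excluded(addr, cidrs, ranges):
    """Local check of which addresses the generated clause would drop."""
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    for first, last in ranges:
        nets.extend(range_to_cidrs(first, last))
    return any(ipaddress.IPv4Address(addr) in n for n in nets)


if __name__ == "__main__":
    # Constructed sample input: one aligned block plus one unaligned range.
    print(build_filter(["10.10.1.32/27"], [("192.0.2.0", "192.0.2.26")]))
```

Checking the boundary addresses with is_excluded before deploying the clause confirms that the blocks cover the range exactly and nothing beyond it.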