FreeBSD Manual Pages
CIDR_TABLE(5) File Formats Manual CIDR_TABLE(5) NAME cidr_table - format of Postfix CIDR tables SYNOPSIS postmap -q "string" cidr:$config_directory/filename postmap -q - cidr:$config_directory/filename <inputfile DESCRIPTION The Postfix mail system uses optional lookup tables. These tables are usually in dbm or db format. Alternatively, lookup tables can be spec- ified in CIDR (Classless Inter-Domain Routing) form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated. To find out what types of lookup tables your Postfix system supports use the "postconf -m" command. To test lookup tables, use the "postmap -q" command as described in the SYNOPSIS above. TABLE FORMAT The general form of a Postfix CIDR table is: pattern result When a search string matches the specified pattern, use the cor- responding result value. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). !pattern result When a search string does not match the specified pattern, use the specified result value. The pattern must be in network/pre- fix or network_address form (see ADDRESS PATTERN SYNTAX below). This feature is available in Postfix 3.2 and later. if pattern endif When a search string matches the specified pattern, match that search string against the patterns between if and endif. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest. Note: do not prepend whitespace to text between if..endif. This feature is available in Postfix 3.2 and later. if !pattern endif When a search string does not match the specified pattern, match that search string against the patterns between if and endif. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest. Note: do not prepend whitespace to text between if..endif. This feature is available in Postfix 3.2 and later. blank lines and comments Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. multi-line text A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. TABLE SEARCH ORDER Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. ADDRESS PATTERN SYNTAX Postfix CIDR tables are pattern-based. A pattern is either a net- work_address which requires an exact match, or a network_address/pre- fix_length where the prefix_length part specifies the length of the network_address prefix that must be matched (the other bits in the net- work_address part must be zero). An IPv4 network address is a sequence of four decimal octets separated by ".", and an IPv6 network address is a sequence of three to eight hexadecimal octet pairs separated by ":" or "::", where the latter is short-hand for a sequence of one or more all-zero octet pairs. The pat- tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 address. IPv6 support is available in Postfix 2.2 and later. Before comparisons are made, lookup keys and table entries are con- verted from string to binary. Therefore, IPv6 patterns will be matched regardless of leading zeros (a leading zero in an IPv4 address octet indicates octal notation). Note: address information may be enclosed inside "[]" but this form is not required. INLINE SPECIFICATION The contents of a table may be specified in the table name (Postfix 3.7 and later). The basic syntax is: main.cf: parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } .. master.cf: .. -o { parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } .. } .. Postfix recursively expands any $parametername instances in the above parameter value, ignores whitespace after '{' and before '}', and writes each rule as one text line to an in-memory file: in-memory file: rule-1 rule-2 .. Postfix parses the result as if it is a file in /usr/local/etc/postfix. Note: if a rule contains $, specify $$ to keep Postfix from trying to do $name expansion as it evaluates a parameter value. EXAMPLE SMTPD ACCESS MAP /usr/local/etc/postfix/main.cf: smtpd_client_restrictions = ... cidr:$config_directory/client.cidr ... /usr/local/etc/postfix/client.cidr: # Rule order matters. Put more specific allowlist entries # before more general denylist entries. 192.168.1.1 OK 192.168.0.0/16 REJECT 2001:db8::1 OK 2001:db8::/32 REJECT SEE ALSO postmap(1), Postfix lookup table manager regexp_table(5), format of regular expression tables pcre_table(5), format of PCRE tables README FILES Use "postconf readme_directory" or "postconf html_directory" to locate this information. DATABASE_README, Postfix lookup table overview HISTORY CIDR table support was introduced with Postfix version 2.1. AUTHOR(S) The CIDR table lookup code was originally written by: Jozsef Kadlecsik KFKI Research Institute for Particle and Nuclear Physics POB. 49 1525 Budapest, Hungary Adopted and adapted by: Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA Wietse Venema Google, Inc. 111 8th Avenue New York, NY 10011, USA CIDR_TABLE(5)
NAME | SYNOPSIS | DESCRIPTION | TABLE FORMAT | TABLE SEARCH ORDER | ADDRESS PATTERN SYNTAX | INLINE SPECIFICATION | EXAMPLE SMTPD ACCESS MAP | SEE ALSO | README FILES | HISTORY | AUTHOR(S)
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=cidr_table&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>