
Common place to keep subnet address/size information?



In Debian Edu, we provide an out-of-the-box pre-configured network
solution for schools.  We hard code the IP subnet used, to be able to
configure all the services we want to have working out of the box.  We
want to avoid hard coding the IP addresses and IP subnet, but found no
other way to get it working.  This email documents an idea on how to
avoid this hard coding.

At the moment, very few services need subnet information.  It is
squid, sysklogd, cfengine (cfservd), dhcpd and bind.  The first three
need to have a subnet access limit, and we currently hardcode it to
10.0.2.0/255.255.254.0 or 10.0.2.0/23, depending on the supported
notation.  It would be better if we could use a symbolic name, and
store the subnet IP address in a common location, thus making it
easier to change the IP subnet used.

One obvious solution would be to use /etc/networks, and rewrite squid,
sysklogd and cfservd to use information in this file.  The problem is
only that getnetent() and friends only support the classic A, B and C
subnets, aka /8, /16 and /24.  Would it be possible to extend
/etc/networks to support any subnet size?  I guess the easiest way to
do this would be to extend the 'number' part of the file to support
the slash notation.  It should be backwards compatible, as the
original POSIX notation only allows digits and dots in this field.

Is this a good idea?  How would glibc have to change to handle this?

Are there any other options available for us to avoid hard coding IP
subnet information in the squid, sysklogd and cfservd configuration
files?

Friendly,
-- 
Petter Reinholdtsen
One of the Debian Edu developers
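
The following is an added example, not part of the original message and not glibc code: a sketch in C of how an /etc/networks line with the proposed slash notation could be parsed while classic entries keep their class A/B/C size, plus the subnet check a service would run against a client address. The names `netent_cidr`, `parse_networks_line` and `net_contains` are hypothetical, and rejecting entries with host bits set is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type (not a glibc struct); values in host byte order. */
struct netent_cidr { char name[64]; uint32_t net; int prefix; };

/* Netmask for a prefix length; the /0 case avoids an undefined shift by 32. */
static uint32_t prefix_mask(int p) { return p ? ~(uint32_t)0 << (32 - p) : 0; }

/* Parse "10", "10.0.2" or "10.0.2.0" left-aligned into 32 bits; 0 on success. */
static int parse_number(const char *s, uint32_t *out) {
    uint32_t addr = 0;
    for (int parts = 0; parts < 4; parts++) {
        char *end;
        unsigned long v = strtoul(s, &end, 10);
        if (*s < '0' || *s > '9' || v > 255) return -1;
        addr |= (uint32_t)v << (24 - 8 * parts);
        if (*end == '\0') { *out = addr; return 0; }
        if (*end != '.') return -1;
        s = end + 1;
    }
    return -1;  /* more than four parts */
}

/* Parse one line "name number[/prefix] [aliases...]"; 0 on success. */
int parse_networks_line(const char *line, struct netent_cidr *e) {
    char num[64], *end, *slash;
    if (line[0] == '#' || sscanf(line, "%63s %63s", e->name, num) != 2) return -1;
    if ((slash = strchr(num, '/')) != NULL) {
        *slash = '\0';
        long p = strtol(slash + 1, &end, 10);
        if (slash[1] < '0' || slash[1] > '9' || *end != '\0' || p > 32) return -1;
        if (parse_number(num, &e->net) != 0) return -1;
        e->prefix = (int)p;
        /* Fail closed on host bits, e.g. 10.0.3.0/23, rather than guess. */
        return (e->net & ~prefix_mask(e->prefix)) ? -1 : 0;
    }
    if (parse_number(num, &e->net) != 0) return -1;
    /* Classic entry: size from the address class (A=/8, B=/16, else /24). */
    e->prefix = (e->net >> 31) == 0 ? 8 : (e->net >> 30) == 2 ? 16 : 24;
    e->net &= prefix_mask(e->prefix);
    return 0;
}

/* The subnet access check a service would apply to a client address. */
int net_contains(const struct netent_cidr *e, uint32_t addr) {
    return (addr & prefix_mask(e->prefix)) == e->net;
}
```

Failing closed on a malformed entry matters here because the parsed value feeds an access limit: a silently widened or truncated subnet would change who is allowed in.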


