.TH CIDR_TABLE 5
.ad
.fi
.SH NAME
cidr_table
\-
format of Postfix CIDR tables
.SH "SYNOPSIS"
.na
.nf
\fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR
\fBpostmap -q - cidr:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
The Postfix mail system uses optional lookup tables.
These tables are usually in \fBdbm\fR or \fBdb\fR format.
Alternatively, lookup tables can be specified in CIDR
(Classless Inter-Domain Routing) form. In this case, each
input is compared against a list of patterns. When a match
is found, the corresponding result is returned and the search
is terminated.
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
To test lookup tables, use the "\fBpostmap -q\fR" command as
described in the SYNOPSIS above.
.SH "TABLE FORMAT"
.na
.nf
.ad
.fi
The general form of a Postfix CIDR table is:
.IP "\fInetwork_address\fB/\fInetwork_mask result\fR"
When a search string matches the specified network block,
use the corresponding \fIresult\fR value. Specify
0.0.0.0/0 to match every IPv4 address, and ::/0 to match
every IPv6 address.
An IPv4 network address is a sequence of four decimal octets
separated by ".", and an IPv6 network address is a sequence
of three to eight hexadecimal octet pairs separated by ":".
Before comparisons are made, lookup keys and table entries
are converted from string to binary. Therefore table entries
will be matched regardless of redundant zero characters.
Note: address information may be enclosed inside "[]" but
this form is not required.
IPv6 support is available in Postfix 2.2 and later.
.IP "\fInetwork_address result\fR"
When a search string matches the specified network address,
use the corresponding \fIresult\fR value.
.IP "blank lines and comments"
Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'.
.IP "multi-line text"
A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
.SH "TABLE SEARCH ORDER"
.na
.nf
.ad
.fi
Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
.SH "EXAMPLE SMTPD ACCESS MAP"
.na
.nf
.nf
/etc/postfix/main.cf:
smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
/etc/postfix/client.cidr:
# Rule order matters. Put more specific whitelist entries
# before more general blacklist entries.
192.168.1.1 OK
192.168.0.0/16 REJECT
.fi
.SH "SEE ALSO"
.na
.nf
postmap(1), Postfix lookup table manager
regexp_table(5), format of regular expression tables
pcre_table(5), format of PCRE tables
.SH "README FILES"
.na
.nf
.ad
.fi
Use "\fBpostconf readme_directory\fR" or
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
DATABASE_README, Postfix lookup table overview
.SH "HISTORY"
.na
.nf
CIDR table support was introduced with Postfix version 2.1.
.SH "AUTHOR(S)"
.na
.nf
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
Adopted and adapted by:
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA