Date: Wed, 8 Feb 2006 17:57:03 -0600
From: Dan Nelson <dnelson@allantgroup.com>
To: Drew Tomlinson <drew@mykitchentable.net>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Best Way To Block Range of Addresses with ipfw2?
Message-ID: <20060208235703.GG78323@dan.emsphone.com>
In-Reply-To: <43EA7C7C.8060500@mykitchentable.net>
References: <43EA75C6.4010204@mykitchentable.net> <43EA7A89.7090501@mac.com> <43EA7C7C.8060500@mykitchentable.net>

In the last episode (Feb 08), Drew Tomlinson said:
> On 2/8/2006 3:11 PM Chuck Swiger wrote:
> >Drew Tomlinson wrote:
> >>I want to deny access to addresses in this range:
> >>
> >>84.57.113.0 - 84.61.96.255
> >>
> >>What is the best way to specify this range for ipfw2?  There must
> >>be a better way than listing a whole bunch of individual networks.
> >
> >deny ip from 84.56.0.0/13 to any
> >
> >...comes pretty close.  Use finer-grained allow rule before that if you
> >need to pass stuff in 84.56.0.0/16, for example.
>
> Thanks.  I found that too but was just wondering if there was a way
> to be exact.

You could use an ipfw table to store the required subnets that cover
your range; according to the manpage it's the most efficient way to
store large address sets, and it also saves you from cluttering up your
ruleset.

-- 
	Dan Nelson
	dnelson@allantgroup.com
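
An added example, not part of the original thread: one way to work out the exact set of subnets for the table suggested above, and how far the /13 shortcut over-blocks. The table number 1 and rule number 1000 are assumptions; the script only prints the ipfw commands, it does not run them.

```python
import ipaddress

FIRST = "84.57.113.0"       # range from the thread
LAST = "84.61.96.255"
SHORTCUT = "84.56.0.0/13"   # the single-rule approximation from the thread


def exact_cover(first, last):
    """Smallest list of CIDR networks covering first..last and nothing else."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    return list(ipaddress.summarize_address_range(lo, hi))


def overblocked(supernet, first, last):
    """Number of addresses a single supernet denies outside the wanted range."""
    net = ipaddress.ip_network(supernet)
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo not in net or hi not in net:
        raise ValueError("supernet does not contain the whole range")
    return net.num_addresses - (int(hi) - int(lo) + 1)


def ipfw_commands(nets, table=1, rule=1000):
    """Shell lines that load the networks into an ipfw table and deny on it.

    table and rule are assumed values; pick ones that fit your ruleset.
    """
    cmds = [f"ipfw table {table} flush"]
    cmds += [f"ipfw table {table} add {n}" for n in nets]
    # table(N) is quoted so the shell does not interpret the parentheses
    cmds.append(f"ipfw add {rule} deny ip from 'table({table})' to any")
    return cmds


if __name__ == "__main__":
    nets = exact_cover(FIRST, LAST)
    extra = overblocked(SHORTCUT, FIRST, LAST)
    print(f"# {len(nets)} networks, exact; {SHORTCUT} would deny {extra} extra addresses")
    print("\n".join(ipfw_commands(nets)))
```

Review the printed commands before pasting them into a ruleset, and place the deny rule ahead of any broader allow rule that would otherwise match first.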