From: freebsd@tern.ru
Organization: Tern
Date: Mon, 9 Feb 2004 13:27:37 +0300
To: Peter Pentchev
Cc: freebsd-security@freebsd.org
Reply-To: Alexandre Krasnov
Subject: Re[2]: ipfw question

It's funny.
This (your) variant:

    ipfw add count from IP1 not to { IP2,IP3 }

was accepted by ipfw but resulted in (was rewritten by ipfw as) the rule:

    ipfw add count from IP1 to not IP2,IP3

So, I guess that my initial

    ipfw add count from IP1 to not IP2,IP3

should be what I was looking for.

Thank you for your reply. Indeed, "not to { IP2,IP3 }" is a clearer sentence from the point of view of human logic than the one used by ipfw :)

Alex.

PP> On Fri, Feb 06, 2004 at 01:46:18PM +0300, freebsd@tern.ru wrote:
PP> [actually, I wrote]
>> PP> Could you try
>> PP> ipfw add count from IP1 to not { IP2,IP3 }
>>
>> Definitely I tried it already before writing to group. It does not
>> work.
>> Here is the exact error message for this try:
>> ipfw: hostname ``'' unknown

PP> Er, sorry, my mistake; could you try 'not to' instead of 'to not'? :)

PP> G'luck,
PP> Peter