From owner-freebsd-ipfw Mon Nov 4 2:20:55 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D5AE037B404 for ; Mon, 4 Nov 2002 02:20:54 -0800 (PST) Received: from fatma.kssgm.gov.tr (fatma.kssgm.gov.tr [195.142.143.69]) by mx1.FreeBSD.org (Postfix) with SMTP id BAD7943E77 for ; Mon, 4 Nov 2002 02:20:53 -0800 (PST) (envelope-from ulku.sayilan@kssgm.gov.tr) Received: (qmail 50784 invoked from network); 4 Nov 2002 10:18:52 -0000 Received: from unknown (HELO MELIHA) (172.16.0.2) by 0 with SMTP; 4 Nov 2002 10:18:52 -0000 Date: Mon, 4 Nov 2002 12:20:31 +0200 From: =?ISO-8859-1?B?3Gxr/CBTQVlJTEFO?= X-Mailer: The Bat! (v1.45) Personal Reply-To: ulku SAYILAN Organization: DGSPW X-Priority: 3 (Normal) Message-ID: <415299793.20021104122031@kssgm.gov.tr> To: freebsd-ipfw@freebsd.org Subject: subscribe Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This e-mail was scanned by Antivirus! http://www.kssgm.gov.tr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Wed Nov 6 22:45:40 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A50EF37B401 for ; Wed, 6 Nov 2002 22:45:39 -0800 (PST) Received: from idk.com (idk.com [65.104.9.99]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4EB1E43E6E for ; Wed, 6 Nov 2002 22:45:39 -0800 (PST) (envelope-from ian@idk.com) Received: (from ian@localhost) by idk.com (8.9.3/8.9.3) id WAA29688 for freebsd-ipfw@freebsd.org; Wed, 6 Nov 2002 22:45:44 -0800 (PST) From: Ian Kettleborough Message-Id: <200211070645.WAA29688@idk.com> Subject: How do I need with ipfw to block this To: freebsd-ipfw@freebsd.org Date: Wed, 6 Nov 2002 22:45:43 -0800 (PST) X-Mailer: ELM [version 2.5 PL6] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I need to block a complete site: xxx.1.0.0 thru xxx.100.255.255 I undertand how to use ipfw but I need some help in figuring out this one? ipfw add xx deny ip from xxx.1.0.0/zz to any The zz is what I cannot figure out for this group of IP's. Thanks Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu Nov 7 2:32: 1 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFB7137B401 for ; Thu, 7 Nov 2002 02:31:59 -0800 (PST) Received: from server.rucus.ru.ac.za (server.rucus.ru.ac.za [146.231.115.1]) by mx1.FreeBSD.org (Postfix) with SMTP id 68FDD43E3B for ; Thu, 7 Nov 2002 02:31:56 -0800 (PST) (envelope-from drs@rucus.ru.ac.za) Received: (qmail 96185 invoked from network); 7 Nov 2002 10:31:44 -0000 Received: from bashir.dsl.ru.ac.za (146.231.113.19) by server.rucus.ru.ac.za with SMTP; 7 Nov 2002 10:31:44 -0000 Received: (qmail 1320 invoked by uid 1001); 7 Nov 2002 10:31:40 -0000 Date: Thu, 7 Nov 2002 12:31:40 +0200 From: David =?iso-8859-1?Q?Sieb=F6rger?= To: Ian Kettleborough Cc: freebsd-ipfw@freebsd.org Subject: Re: How do I need with ipfw to block this Message-ID: <20021107103140.GD385@rucus.ru.ac.za> References: <200211070645.WAA29688@idk.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200211070645.WAA29688@idk.com> User-Agent: Mutt/1.4i Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 10:45 PM on Wednesday 6 November 2002, Ian Kettleborough wrote: > I need to block a complete site: > > xxx.1.0.0 thru xxx.100.255.255 > > I undertand how to use ipfw but I need some help in figuring out this one? > > ipfw add xx deny ip from xxx.1.0.0/zz to any > > The zz is what I cannot figure out for this group of IP's. This is why it pays to allocate IP blocks on CIDR boundaries, rather than decimal round numbers. You could use rules like this: 100 deny ip from xxx.1.0.0/16 to any 100 deny ip from xxx.2.0.0/15 to any 100 deny ip from xxx.4.0.0/14 to any 100 deny ip from xxx.8.0.0/13 to any 100 deny ip from xxx.16.0.0/12 to any 100 deny ip from xxx.32.0.0/11 to any 100 deny ip from xxx.64.0.0/11 to any 100 deny ip from xxx.96.0.0/14 to any 100 deny ip from xxx.100.0.0/16 to any If you include xxx.0.0.0 to xxx.0.255.255, that simplifies to: 100 deny ip from xxx.0.0.0/11 to any 100 deny ip from xxx.32.0.0/11 to any 100 deny ip from xxx.64.0.0/11 to any 100 deny ip from xxx.96.0.0/14 to any 100 deny ip from xxx.100.0.0/16 to any Alternatively: 100 skipto 102 ip from xxx.0.0.0/16 to any 100 skipto 102 ip from xxx.101.0.0/16 to any 100 skipto 102 ip from xxx.102.0.0/15 to any 100 skipto 102 ip from xxx.104.0.0/13 to any 100 skipto 102 ip from xxx.112.0.0/12 to any 101 deny ip from xxx.0.0.0/9 to any There are many CIDR calculators (such as net/cidr) available to do this sort of maths. -- David Siebörger drs@rucus.ru.ac.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu Nov 7 12:20: 6 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B71537B401 for ; Thu, 7 Nov 2002 12:20:04 -0800 (PST) Received: from smurf.jnielsen.net (12-254-140-119.client.attbi.com [12.254.140.119]) by mx1.FreeBSD.org (Postfix) with ESMTP id 16BAD43E9C for ; Thu, 7 Nov 2002 12:19:58 -0800 (PST) (envelope-from john@jnielsen.net) Received: from buff.local (buff.local [192.168.0.10]) by smurf.jnielsen.net (8.12.6/8.12.6) with ESMTP id gA7Ks3KQ004543; Thu, 7 Nov 2002 13:54:04 -0700 (MST) (envelope-from john@jnielsen.net) Content-Type: text/plain; charset="iso-8859-1" From: John Nielsen To: Ian Kettleborough , freebsd-ipfw@FreeBSD.ORG Subject: Re: How do I need with ipfw to block this Date: Thu, 7 Nov 2002 01:43:30 -0700 User-Agent: KMail/1.4.3 References: <200211070645.WAA29688@idk.com> In-Reply-To: <200211070645.WAA29688@idk.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200211070143.30742.john@jnielsen.net> Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday 06 November 2002 23:45, Ian Kettleborough wrote: > I need to block a complete site: > > xxx.1.0.0 thru xxx.100.255.255 > > I undertand how to use ipfw but I need some help in figuring out this > one? > > ipfw add xx deny ip from xxx.1.0.0/zz to any > > The zz is what I cannot figure out for this group of IP's. This might be better on another list, since it's essentially a basic=20 networking question. The port net/ipcalc is quite useful for questions=20 like these as well. xxx.0.0.0/9 is the network xxx.0.0.0 through xxx.127.255.255 You can't get the exact range 1..100 without using multiple rules (or a s= et=20 of match patterns if you're using ipfw2). JN To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message