From owner-freebsd-questions@FreeBSD.ORG Tue Dec 23 07:40:01 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2966016A4CE for ; Tue, 23 Dec 2003 07:40:01 -0800 (PST) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6534343D41 for ; Tue, 23 Dec 2003 07:39:58 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1]) hBNFdjWP037081 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 23 Dec 2003 15:39:46 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id hBNFdjJ1037080; Tue, 23 Dec 2003 15:39:45 GMT (envelope-from matthew) Date: Tue, 23 Dec 2003 15:39:45 +0000 From: Matthew Seaman To: Lee Dilkie Message-ID: <20031223153945.GB36128@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Lee Dilkie , 'Lev Klimin' , freebsd-questions@freebsd.org References: <18400343353.20031223094425@mari-el.ru> <006a01c3c95b$f02884a0$c10133ce@dilkie.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BwCQnh7xodEAoBMC" Content-Disposition: inline In-Reply-To: <006a01c3c95b$f02884a0$c10133ce@dilkie.com> User-Agent: Mutt/1.5.5.1i X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.61 X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on happy-idiot-talk.infracaninophile.co.uk cc: 'Lev Klimin' cc: freebsd-questions@freebsd.org Subject: Re: ipfw2 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 15:40:01 -0000 --BwCQnh7xodEAoBMC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 23, 2003 at 08:51:57AM -0500, Lee Dilkie wrote: > > I think that it's right: > > ipfw 1000 add permit all from 192.168.1.1/24{3,5,9} to any > > but I see follwing: > > ipfw: bad width ``243'' =20 > 192.168.1.1/24{3,5,9} translates to 192.168.1.1/243, 192.168.1.1/245 or > 192.168.1.1/249. Uh, at least, not in ipfw2 rulesets it doesn't. Where it does expand like that is in csh(1), bash(1), zsh(1) and similar shells (but not sh(1)): % echo 192.168.1.1/24{3,5,9} 192.168.1.1/243 192.168.1.1/245 192.168.1.1/249 Perhaps the original poster was typing the rules in at the command prompt? In which case, simply use a few quote marks to stop the shell interfering: # ipfw add 1000 permit all from '192.168.1.1/24{3,5,9}' Or load the rules out of a file. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --BwCQnh7xodEAoBMC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/6GHBdtESqEQa7a0RAvHPAJ9eY0ls/YmcH9Z6mjBYIcnCotfbYACfWXuA R2EKJJMxwgjjy0tzrC9Xmmk= =SjHT -----END PGP SIGNATURE----- --BwCQnh7xodEAoBMC--