From owner-freebsd-stable  Sat Aug 31 16:50:50 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8DC6C37B400; Sat, 31 Aug 2002 16:50:46 -0700 (PDT)
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B5AC543E65; Sat, 31 Aug 2002 16:50:45 -0700 (PDT)
	(envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
	by peak.mountin.net (8.9.1/8.9.1) id SAA25800;
	Sat, 31 Aug 2002 18:50:35 -0500 (CDT)
	(envelope-from jeff-ml@mountin.net)
Received: from mke-24-167-197-76.wi.rr.com(24.167.197.76) by peak.mountin.net via smap (V1.3)
	id sma025798; Sat Aug 31 18:50:26 2002
Message-Id: <4.3.2.20020831183206.00dd5580@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Sat, 31 Aug 2002 18:49:48 -0500
To: Luigi Rizzo <luigi@FreeBSD.ORG>
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
Subject: Re: IPFW2 option in -stable kernel config
Cc: Kenneth W Cochran <kwc@TheWorld.com>, freebsd-stable@FreeBSD.ORG
In-Reply-To: <20020831150538.A69952@iguana.icir.org>
References: <4.3.2.20020831112817.00e57e30@207.227.119.2>
 <200208311312.JAA118809063@shell.TheWorld.com>
 <4.3.2.20020831112817.00e57e30@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

At 03:05 PM 8/31/02 -0700, Luigi Rizzo wrote:

>ranges are limited to /24 or larger masks (partly to simplify parsing,
>partly because the bitmap grows exponentially with smaller masks).
>In fact, the subnet part is totally redundant (it suffices to lookup
>the list of numbers between brackets), but again its presence gives you
>a bit more error checking and eases parsing.

So how does it work with something larger than a /24?  In my last message I 
used:

... ip from 1.2.36.0/22{36.1,37.2,38.3,39.4} to ...

Is this correct?

And if what I gather from your reply then one could do:

... ip from 0.0.0.0/0{1.2.3.4,2.3.4.5,3.4.5.6} to ...

Or is that asking too much?  8-)

>I have been thinking about the use of ranges within the bitmap,
>e.g.  1.2.36.0/24{10-19,55,60-89,30}, this will be probably be
>added in a future release.

So for now it can only be a comma separated list and only port values can 
use ranges.  Right?


Forgot to mention before IPFW2 will show up in the dmesg.

cheers!


Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message