From owner-freebsd-stable Sat Aug 31 19:13:26 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A101E37B401 for ; Sat, 31 Aug 2002 19:13:20 -0700 (PDT) Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 45FBA43E72 for ; Sat, 31 Aug 2002 19:13:20 -0700 (PDT) (envelope-from rizzo@iguana.icir.org) Received: from iguana.icir.org (localhost [127.0.0.1]) by iguana.icir.org (8.12.3/8.11.3) with ESMTP id g812DJIb071535; Sat, 31 Aug 2002 19:13:19 -0700 (PDT) (envelope-from rizzo@iguana.icir.org) Received: (from rizzo@localhost) by iguana.icir.org (8.12.3/8.12.3/Submit) id g812DJ8I071534; Sat, 31 Aug 2002 19:13:19 -0700 (PDT) (envelope-from rizzo) Date: Sat, 31 Aug 2002 19:13:19 -0700 From: Luigi Rizzo To: "Jeffrey J. Mountin" Cc: Kenneth W Cochran , freebsd-stable@FreeBSD.ORG Subject: Re: IPFW2 option in -stable kernel config Message-ID: <20020831191318.A71479@iguana.icir.org> References: <4.3.2.20020831112817.00e57e30@207.227.119.2> <200208311312.JAA118809063@shell.TheWorld.com> <4.3.2.20020831112817.00e57e30@207.227.119.2> <20020831150538.A69952@iguana.icir.org> <4.3.2.20020831183206.00dd5580@207.227.119.2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <4.3.2.20020831183206.00dd5580@207.227.119.2>; from jeff-ml@mountin.net on Sat, Aug 31, 2002 at 06:49:48PM -0500 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Aug 31, 2002 at 06:49:48PM -0500, Jeffrey J. Mountin wrote: ... > >ranges are limited to /24 or larger masks (partly to simplify parsing, for larger i meant /25 ... /32 i.e. smaller sets > So how does it work with something larger than a /24? In my last message I > used: > > ... ip from 1.2.36.0/22{36.1,37.2,38.3,39.4} to ... > > Is this correct? > > And if what I gather from your reply then one could do: > > ... ip from 0.0.0.0/0{1.2.3.4,2.3.4.5,3.4.5.6} to ... > > Or is that asking too much? 8-) you _can_ write it as { 1.2.3.4 or 2.3.4.5 or 3.4.5.6 } but of course it is going to check all addresses sequentially. > So for now it can only be a comma separated list and only port values can > use ranges. Right? yes. Port values and MAC types and (i think) some icmp options, same as ipfw1 luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message