From owner-freebsd-ipfw@FreeBSD.ORG Tue May 6 11:50:56 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1928106564A for ; Tue, 6 May 2008 11:50:56 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from msrv.matik.com.br (msrv.matik.com.br [200.152.83.14]) by mx1.freebsd.org (Postfix) with ESMTP id 141C08FC1A for ; Tue, 6 May 2008 11:50:55 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from ap-h.matik.com.br (ap-h.matik.com.br [200.152.83.36]) by msrv.matik.com.br (8.14.1/8.13.1) with ESMTP id m46Ajfjh061032 for ; Tue, 6 May 2008 07:45:41 -0300 (BRT) (envelope-from asstec@matik.com.br) From: AT Matik Organization: Infomatik To: freebsd-ipfw@freebsd.org Date: Tue, 6 May 2008 07:48:18 -0300 User-Agent: KMail/1.9.7 References: <4d4dc3640805040840t5725fb4ejfd19da3c3f78ec73@mail.gmail.com> In-Reply-To: <4d4dc3640805040840t5725fb4ejfd19da3c3f78ec73@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200805060748.18487.asstec@matik.com.br> X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on msrv.matik.com.br X-Virus-Status: Clean Subject: Re: Syntax base IP X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 May 2008 11:50:56 -0000 On Sunday 04 May 2008 12:40:24 budsz wrote: > Hallo, > > I've rule in /etc/rc.firewall like this: > > ifint0=3D"rl0" > ippriviix=3D"192.168.0.0/24" > ipunlimit=3D"192.168.0.100/32,10.35.4.1/32,202.129.189.42/32,\ > 202.129.189.45/32,125.163.77.180/32,202.43.167.70/32,\ > =20 > 202.43.167.72/32,202.43.161.119/32,202.10.32.10/32,202.93.20.22/32,\ > 202.93.20.23/32,202.93.20.24/32,122.102.49.132/32,\ > 202.43.161.124/32,202.93.247.26/32,202.93.247.28/32" if you can not use tables you can write a for loop with skipto pefore the p= ipe for items in $ipunlimit; do ipfw add 100 skipto $rulenumber_after_pipe ip from $items to any done pipe rules (where you like to add in or out to via) > portlim=3D"20-21,80,88,443,2009,8080,8088,10007,18755" > bwunlimit=3D"197Kbit/s" > > ${fwcmd} add 100 pipe 1 ip from ${ippriviix} to { not ${ipunlimit} } > ${portlim} via ${ifint0} > ${fwcmd} add 101 pipe 1 ip from { not ${ipunlimit} } ${portlim} to > ${ippriviix} via ${ifint0} > ${fwcmd} pipe 1 config bw ${bwunlimit} > > Executing firewall I got error message like this: > #sh /etc/rc.firewall > ipfw: opcode 6 size 33 wrong > ipfw: getsockopt(IP_FW_ADD): Invalid argument > ipfw: opcode 2 size 33 wrong > ipfw: getsockopt(IP_FW_ADD): Invalid argument > > This error happened after I adding new IP Address 202.93.247.28/32 on > $ipunlimit variable. > It that correct to add 202.93.247.26/32 and 202.93.247.28/32 together? > or I should rewrite like > 202.93.247.26/29?. But already same on $ipunlimit variable like > 202.93.20.22/32 and 202.93.20.23/32 this is no problem. > > Any clue or suggestion about this syntax? > > Thanks You =2D-=20 Participe no BAIXO ASSINADO SCM: http://info.matik.com.br =2D- Atenciosamente, J.M. Respons=E1vel Plant=E3o Site Support Matik Infomatik Internet Technology (18)3551.8155 =A0(18)8112.7007 A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br