From owner-freebsd-questions Wed May 29 12:42: 7 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from archive.e-u-a.net (rrcs-midsouth-24-199-181-242.biz.rr.com [24.199.181.242])
    by hub.freebsd.org (Postfix) with ESMTP id 263C137B405
    for ; Wed, 29 May 2002 12:41:59 -0700 (PDT)
Received: from armageddon (e-u-a.net [24.199.181.242])
    by archive.e-u-a.net (8.12.1/8.12.1) with SMTP id g4TJg82o030779;
    Wed, 29 May 2002 15:42:09 -0400 (EDT)
    (envelope-from ecrist@secure-computing.net)
Message-ID: <00c001c20748$e3dbd570$fe01a8c0@armageddon>
Reply-To: "Eric F Crist"
From: "Eric F Crist"
To: "Chris Appleton" ,
References: <20020528100031.56453.qmail@web14802.mail.yahoo.com>
Subject: Re: ipfw range filter?
Date: Wed, 29 May 2002 14:41:53 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

I would recommend simply not being *lazy* and setting up subnets. This is
supported by the majority of the IPv4 protocol, so you won't have any other
potential configuration snafus around your network.

If you have the 10.0.0.0/24 class C network, for example, and you want to
filter out 230-254, you could do it with the following rules:

    ipfw add 1010 allow ip from 10.0.0.224 to any
    ipfw add 1020 allow ip from 10.0.0.225 to any
    ipfw add 1030 allow ip from 10.0.0.226 to any
    ipfw add 1040 allow ip from 10.0.0.227 to any
    ipfw add 1050 allow ip from 10.0.0.228 to any
    ipfw add 1060 allow ip from 10.0.0.229 to any
    ipfw add 1100 deny ip from 10.0.0.224/27 to any

HTH

Eric F Crist
President/Sys Admin
AdTech Integrated Systems, Inc.
http://www.adtechintegrated.com

----- Original Message -----
From: "Chris Appleton"
To:
Sent: Tuesday, May 28, 2002 5:00 AM
Subject: ipfw range filter?

> is it possible to filter a range of ip's with one rule?
>
> unfortunately i've got a c class and just have the one subnet so i
> don't think i can use /x for instance. i could try and create proper
> subnets, but of course want the quickie.
>
> i don't like having 60 rules for pop and smtp to hosted servers.
>
> thanks advance,
>
> chris
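
Added example (not part of the original thread, and not code from the ipfw project): a range that does not fall on a subnet boundary can still be covered by a handful of rules if it is split into aligned CIDR blocks. The sh script below does that split for the 230-254 range mentioned in the reply and prints deny rules in the same form as the reply's rule 1100; the function names and the rule-number step of 10 are assumptions, and the rules are only printed, not loaded.

```sh
#!/bin/sh
# Added example: split an inclusive IPv4 range into the fewest aligned CIDR
# blocks and print one ipfw deny rule per block (printed only, never applied).
# Octets must be plain decimal without leading zeros.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {  # usage: range_to_cidrs FIRST LAST
    start=$(ip2int "$1"); end=$(ip2int "$2")
    [ "$start" -le "$end" ] || { echo "range_to_cidrs: first > last" >&2; return 1; }
    while [ "$start" -le "$end" ]; do
        # Grow the block while it stays aligned on $start and inside the range.
        size=1; bits=32
        while [ "$bits" -gt 0 ] && [ $(( start % (size * 2) )) -eq 0 ] \
              && [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$start")/$bits"
        start=$(( start + size ))
    done
}

emit_deny_rules() {  # usage: emit_deny_rules FIRST LAST START_RULE_NUMBER
    num=$3
    for cidr in $(range_to_cidrs "$1" "$2"); do
        echo "ipfw add $num deny ip from $cidr to any"
        num=$(( num + 10 ))   # assumed numbering step
    done
}

# Constructed sample input: the 230-254 range from the reply above.
emit_deny_rules 10.0.0.230 10.0.0.254 1100
```

For 10.0.0.230 through 10.0.0.254 this yields six deny rules and needs no preceding allow rules, because no address outside the range is matched.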