From owner-freebsd-questions  Wed Jan  9  4: 9:36 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from web14609.mail.yahoo.com (web14609.mail.yahoo.com [216.136.224.241])
	by hub.freebsd.org (Postfix) with SMTP id 09AA537B419
	for <freebsd-questions@freebsd.org>; Wed,  9 Jan 2002 04:09:33 -0800 (PST)
Message-ID: <20020109120932.71726.qmail@web14609.mail.yahoo.com>
Received: from [66.156.9.15] by web14609.mail.yahoo.com via HTTP; Wed, 09 Jan 2002 04:09:32 PST
Date: Wed, 9 Jan 2002 04:09:32 -0800 (PST)
From: Jerry Murdock <jerry_murdock@yahoo.com>
Subject: Re: Fw: firewalling with ipfw
To: "Heimes, Rene" <rh@com-con.net>,
	Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
In-Reply-To: <022301c19904$189f5a60$0201a8c0@itraktech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

pf on OpenBSD will do this.  

IPF won't do it natively, but look at IPFMeta in ports. ipfmeta will allow you
to define the groups, write rules using them, and then expand everything into
proper ipf rules for you.

It's perl, probably could be modified for ipfw.

Jerry

--- Heimes, Rene <rh@com-con.net> wrote:
> 
> so there is no possibility of grouping ip?s that should match a special
> ruleset, if they cannot be treated as a "subnet"?
> can i perform this action with ipf? can someone point me to a good HOWTO
> for that?
> 
> TIA,
> Rene
> 
> > Hello there!
> > 
> > How can I realize grouping different IP-Addresses in ipfw? For
> Example,
> > putting  192.168.40.1, 192.168.40.31 and 192.168.40.21 into one group
> > called "abcd"? 
> > 
> 
> You can try to aggregate needed IP addresses with the common mask, if
> it is impossinle, then there will not be any performance improvements in
> putting different IP addresses to one IPFW rule.


__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message