From owner-freebsd-questions@FreeBSD.ORG  Mon May 21 17:51:19 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 480DC1065874
	for <freebsd-questions@freebsd.org>;
	Mon, 21 May 2012 17:51:19 +0000 (UTC)
	(envelope-from kudzu@tenebras.com)
Received: from mail-pb0-f54.google.com (mail-pb0-f54.google.com
	[209.85.160.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 194BA8FC15
	for <freebsd-questions@freebsd.org>;
	Mon, 21 May 2012 17:51:19 +0000 (UTC)
Received: by pbbro2 with SMTP id ro2so7814639pbb.13
	for <freebsd-questions@freebsd.org>;
	Mon, 21 May 2012 10:51:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:x-gm-message-state;
	bh=4T9Muh4wT1FLYNrzSBAGck7dVQXitH7ZscHvWkskJ8s=;
	b=BmZ2PUu3IMBRDCh6/9O+d2ZAEz582wb39Uyo3XkkbM189j7fypzkciPEsUjZPUrEQr
	zIOeHJbs7pLDuY05Q6oO8deaR9nIL73RMmqVL23d2eaGKZ4GMTKC50m0sj01Unp5/s+X
	weSF1MKhvU8SJ0fSZdSoNN/MRw4XHpPpMJjMc1VJmnXTMMH29y8A3Tf1JpEledd25ilj
	W2ntEqIbZzbfBobZWthZe1MJSgwdt6Ua2xpq33hd74IH5IIDtx+UwUcjDBZyqm2g4pZ9
	n2jWtU3d+bUWAaAUQ0lLA4UAR2u9uL69VY0uZmkUvBz/gAxnOK8Cy9Ef0MAh7nGLOyzN
	w3Bg==
MIME-Version: 1.0
Received: by 10.68.241.165 with SMTP id wj5mr27312713pbc.76.1337622678567;
	Mon, 21 May 2012 10:51:18 -0700 (PDT)
Received: by 10.68.203.229 with HTTP; Mon, 21 May 2012 10:51:18 -0700 (PDT)
In-Reply-To: <4FBA7935.7090000@ifdnrg.com>
References: <20120521120027.716761065686@hub.freebsd.org>
	<20120521232412.B98171@sola.nimnet.asn.au>
	<4FBA5FB3.5010900@ifdnrg.com>
	<CAHu1Y719HRS2-tNKTZa5qaeyG78F6KXKrTEkphF9PYSGfPBGNw@mail.gmail.com>
	<4FBA66DA.7040902@ifdnrg.com> <4FBA7935.7090000@ifdnrg.com>
Date: Mon, 21 May 2012 10:51:18 -0700
Message-ID: <CAHu1Y70joT1mmmXFYJa7e8=4YbU=GPqjXLZiiWtzkvGsUD61iA@mail.gmail.com>
From: Michael Sierchio <kudzu@tenebras.com>
To: Paul Macdonald <paul@ifdnrg.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQmfeGFxbb5e51zlsq2T7A8WwyAEVSWLm0wgjaf9N0c/zH5Zvzhow93cCeK/wjE1Oj10+SkL
Cc: Ian Smith <smithi@nimnet.asn.au>, freebsd-questions@freebsd.org
Subject: Re: ipfw subnetting
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2012 17:51:19 -0000

On Mon, May 21, 2012 at 10:19 AM, Paul Macdonald <paul@ifdnrg.com> wrote:

> this is now resolved, i hadn't realised (embarrassingly) that ipfw list will
> show rules if if the fw is disabled.

You should consider using tables, which allow you to add ad hoc nets,
etc. and you can swap rulesets atomically so you can manipulate tables
and then deploy them.

ipfw add deny ip from table\(1\) to any

etc.