Date: Wed, 15 Jan 1997 11:14:32 -0800 (PST)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Nate Williams <nate@mt.sri.com>
Cc: phk@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: ipfw cannot do this...
Message-ID: <Pine.BSF.3.95.970115111042.1500L-100000@harlie>
In-Reply-To: <199701151643.JAA05590@rocky.mt.sri.com>

On Wed, 15 Jan 1997, Nate Williams wrote:

> > I just found out one thing we need in ipfw, the ability to inverse the
> > sense of a rule:
> >
> >     ipfw add deny not ip from 140.145.0.0 to any via ed0
> >     ipfw add deny not ip from any to 140.145.0.0 via ed1
> >                   ^^^
> >     ipfw add allow tcp from any to any 23
> >     ipfw add allow tcp from any to any 25
> >     ...
> >
> > any takers ?
>
> I'm not sure I follow what you want.  What exactly are you trying to do?

As someone that wants something like this, I think I can answer. Quite a
few times, I've wanted to deny everything but a certain address range, and
then further restrict that address range.

Actually, what I really want is an

    ipfw add skip XXX ...

where if something matches the rule, skip all other rules below XXX (yes,
I always number my rules:-)
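
The skip action requested above, modelled as an added example that is not part of the original message and is not ipfw code: a toy first-match evaluator in which a matching skip rule jumps over every rule numbered below its target (later ipfw releases provide this as the skipto action). The rule numbers, the /16 width of the address range and the packet fields are assumptions made for the illustration.

```python
# Added illustration: a toy first-match packet filter with a "skip" action.
# Rule numbers, the /16 prefix and the packet fields are constructed.
import ipaddress

INSIDE = ipaddress.ip_network("140.145.0.0/16")  # assumed width of the range

# (number, action, skip_target, predicate); evaluated in ascending order.
RULES = [
    # Traffic from the permitted range jumps straight to rule 1000.
    (100, "skip", 1000, lambda p: ipaddress.ip_address(p["src"]) in INSIDE),
    # Anything that did not take the skip is outside the range: drop it.
    (200, "deny", None, lambda p: True),
    # Further restrictions that only the permitted range ever reaches.
    (1000, "allow", None, lambda p: p["proto"] == "tcp" and p["dport"] == 23),
    (1010, "allow", None, lambda p: p["proto"] == "tcp" and p["dport"] == 25),
    (65535, "deny", None, lambda p: True),  # default deny
]


def evaluate(packet, rules=RULES):
    """Return (verdict, rule_number) of the first terminal rule that matches."""
    floor = 0  # rules numbered below this value are skipped
    for number, action, target, matches in sorted(rules, key=lambda r: r[0]):
        if number < floor or not matches(packet):
            continue
        if action == "skip":
            # A backward or self-referencing jump would never reach the
            # target in a single forward pass, so reject it as a rule error.
            if target <= number:
                raise ValueError(f"rule {number}: skip must jump forward")
            floor = target
            continue
        return action, number
    return "deny", None  # fail closed when the list has no catch-all rule


if __name__ == "__main__":
    # Constructed sample packets.
    for pkt in (
        {"src": "140.145.3.7", "proto": "tcp", "dport": 23},
        {"src": "140.145.3.7", "proto": "tcp", "dport": 80},
        {"src": "10.1.2.3", "proto": "tcp", "dport": 25},
    ):
        print(pkt, "->", evaluate(pkt))
```
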