From owner-freebsd-current Wed Jan 15 11:14:49 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id LAA17931 for current-outgoing; Wed, 15 Jan 1997 11:14:49 -0800 (PST)
Received: from horst.bfd.com (horst.bfd.com [204.160.242.10]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id LAA17918; Wed, 15 Jan 1997 11:14:44 -0800 (PST)
Received: from harlie (bastion.bfd.com [204.160.242.14]) by horst.bfd.com (8.7.6/8.7.3) with SMTP id LAA25940; Wed, 15 Jan 1997 11:14:32 -0800 (PST)
Date: Wed, 15 Jan 1997 11:14:32 -0800 (PST)
From: "Eric J. Schwertfeger"
X-Sender: ejs@harlie
To: Nate Williams
cc: phk@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: ipfw cannot do this...
In-Reply-To: <199701151643.JAA05590@rocky.mt.sri.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 15 Jan 1997, Nate Williams wrote:

> > I just found out one thing we need in ipfw, the ability to inverse the
> > sense of a rule:
> >
> >     ipfw add deny not ip from 140.145.0.0 to any via ed0
> >     ipfw add deny not ip from any to 140.145.0.0 via ed1
> >                   ^^^
> >     ipfw add allow tcp from any to any 23
> >     ipfw add allow tcp from any to any 25
> >     ...
> >
> > any takers ?
>
> I'm not sure I follow what you want. What exactly are you trying to do?

As someone that wants something like this, I think I can answer. Quite a
few times, I've wanted to deny everything but a certain address range, and
then further restrict that address range.

Actually, what I really want is an

    ipfw add skip XXX ...

where if something matches the rule, skip all other rules below XXX (yes, I
always number my rules :-)
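
A toy model of the two proposals in this thread, added here as an example (it is not ipfw code and not from anyone in the thread): first-match evaluation with an inverted source match ("not") and with a jump to a higher-numbered rule ("skip"), showing that both give the same verdicts. The /16 prefix, the rule numbers, the default-deny fallthrough and the sample packets are assumptions; interfaces (`via`) are not modelled.

```python
import ipaddress

ANY = "0.0.0.0/0"
NET = "140.145.0.0/16"  # prefix length assumed; the message gives no mask

def matches(rule, src, dport):
    """True if the packet matches the rule's source network and port."""
    hit = ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
    if rule.get("negate"):  # the proposed "not": invert the address match
        hit = not hit
    return hit and rule.get("port") in (None, dport)

def evaluate(rules, src, dport):
    """First-match evaluation; returns (verdict, number of the deciding rule)."""
    rules = sorted(rules, key=lambda r: r["num"])
    i = 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, src, dport):
            i += 1
            continue
        if r["action"] != "skip":
            return r["action"], r["num"]
        if r["target"] <= r["num"]:
            raise ValueError("skip target must be a higher rule number (no loops)")
        # the proposed "skip XXX": resume at the first rule numbered >= XXX
        i = next((j for j, x in enumerate(rules) if x["num"] >= r["target"]), len(rules))
    return "deny", None  # assumed default policy when nothing matches

# Constructed rule sets: the same policy written with "not" and with "skip".
WITH_NOT = [
    {"num": 100, "action": "deny", "src": NET, "negate": True},
    {"num": 200, "action": "allow", "src": ANY, "port": 23},
    {"num": 300, "action": "allow", "src": ANY, "port": 25},
]
WITH_SKIP = [
    {"num": 100, "action": "skip", "target": 1000, "src": NET},
    {"num": 200, "action": "deny", "src": ANY},
    {"num": 1000, "action": "allow", "src": ANY, "port": 23},
    {"num": 1100, "action": "allow", "src": ANY, "port": 25},
]
PACKETS = [("140.145.3.7", 23), ("140.145.3.7", 80), ("10.1.2.3", 25)]  # constructed

def verdicts(rules):
    """Verdict for each sample packet under the given rule set."""
    return [evaluate(rules, src, port)[0] for src, port in PACKETS]
```
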