From: "Bill Marquette"
To: beno
Cc: freebsd-pf@freebsd.org
Subject: Re: IP Address List
Date: Sun, 13 Aug 2006 09:15:31 -0500

On 8/13/06, beno wrote:
> Travis H. wrote:
> > Read http://catb.org/~esr/faqs/smart-questions.html
> > Then see the pf FAQ.
> > Try loading it, then displaying the rules it loaded.
> > This mlist is for questions that can't be answered by simple things
> > like that. Actually, all mailing lists have that characteristic, save
> > perhaps those meant for novices.
> > And the specification style he used was called CIDR, another thing to
> > wikipedia.
> Travis, if I had known what a CIDR was, then I wouldn't have bothered
> with the question. Since I didn't know what a CIDR was, how can you say
> my question wasn't *smart*? How could I possibly have found the answer
> when I didn't know the question? You're being most unfair. I'm doing the
> best I can here.
> beno

That's funny considering if you read the pf.conf man page or even tried
it you wouldn't have asked the question. The BNF syntax at the bottom of
that page is quite explicit about what is and isn't allowed. For
example, the host syntax:

    host = [ "!" ] ( address [ "/" mask-bits ] | "<" string ">" )

Sure doesn't look like it takes a range to me...but hmmm, what's that
funny mask-bits thing? And what's the reference to CIDR addresses here:

    from _source_ port _source_ os _source_ to _dest_ port _dest_
        This rule applies only to packets with the specified source and
        destination addresses and ports.

        Addresses can be specified in CIDR notation (matching netblocks),
        as symbolic host names or interface names, or as any of the
        following keywords:

No, if you'd read the man page, you'd have questions that you could have
googled for, or at least had a smart question such as "what does
mask-bits mean?" Further, _trying_ the syntax you asked about would
have given you the answer to your question on whether it works or not.

--Bill
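
The host production quoted in the message above, as an added Python sketch (not part of the original message and not pf's own parser): it classifies a token against that production and, for a dash-separated address range, returns the CIDR blocks that cover the same addresses. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Production quoted from the pf.conf man page in the message:
#   host = [ "!" ] ( address [ "/" mask-bits ] | "<" string ">" )
TABLE_RE = re.compile(r"^<[^<>\s]+>$")


def _ip(text):
    """Parse a numeric IPv4/IPv6 address, or return None."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def check_host(token):
    """Return (ok, detail) for one host token checked against the production."""
    body = token.strip()
    if body.startswith("!"):          # optional negation
        body = body[1:].strip()
    if TABLE_RE.match(body):
        return True, "table reference"
    lo, dash, hi = body.partition("-")
    if dash and _ip(lo) is not None and _ip(hi) is not None:
        # A first-last range is not in the production; give the CIDR form.
        try:
            blocks = ipaddress.summarize_address_range(_ip(lo), _ip(hi))
            return False, "range; CIDR equivalent: " + " ".join(map(str, blocks))
        except (ValueError, TypeError):
            return False, "range with reversed or mixed-family endpoints"
    addr, slash, bits = body.partition("/")
    ip = _ip(addr)
    if ip is None:
        # The man page also allows host and interface names; not resolved here.
        return True, "symbolic name (not validated)"
    if slash and not (bits.isdigit() and int(bits) <= ip.max_prefixlen):
        return False, "invalid mask-bits"
    return True, "address/mask-bits" if slash else "single address"


if __name__ == "__main__":
    # Constructed sample tokens, not taken from the thread.
    for tok in ["10.0.0.0/8", "!<badhosts>", "192.168.1.10 - 192.168.1.20",
                "10.0.0.0/33", "fxp0"]:
        print(f"{tok!r:32} -> {check_host(tok)}")
```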