From owner-freebsd-pf@FreeBSD.ORG Mon Aug 11 15:18:54 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AA2B106567C for ; Mon, 11 Aug 2008 15:18:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.freebsd.org (Postfix) with ESMTP id C1E678FC16 for ; Mon, 11 Aug 2008 15:18:53 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-031-208.pools.arcor-ip.net [88.66.31.208]) by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis) id 0ML25U-1KSZAa0vua-0006wV; Mon, 11 Aug 2008 17:18:52 +0200 Received: (qmail 19570 invoked from network); 11 Aug 2008 15:18:51 -0000 Received: from fbsd8.laiers.local (192.168.4.151) by laiers.local with SMTP; 11 Aug 2008 15:18:51 -0000 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Mon, 11 Aug 2008 17:18:51 +0200 User-Agent: KMail/1.10.0 (FreeBSD/8.0-CURRENT; KDE/4.1.0; i386; ; ) References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200808111718.51616.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1+G4uZYpY3gR445hBZ0HE7TC8Y0jNThAZIbt5/ mXaCwcDnRSa2jFxN41itKEys3uoQdnGgAxgWhwaqflQiJImGA1 3yxajV+rnEqfnJHr+nDCA== Cc: Subject: Re: Why the old version of pf? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2008 15:18:54 -0000 On Monday 11 August 2008 14:59:46 Redd Vinylene wrote: > Just curious why FreeBSD 7 has to use an old version of pf? There's > been so many improvements! It's a mixed bag, I'd say. I'm pondering an update to 4.3, but haven't found the time yet. And now 4.4 is in sight already and has a lot more stuff ... though there seem to be some problems with some of the new stuff ... Right now, the simple answer is just: It hasn't been done. > I'd very much like to use the new IP range > feature for instance, so I can reduce > > box = "{ 80.252.2.4, 80.252.2.5, 80.252.2.6, 80.252.2.7, 80.252.2.8, > ... > 80.252.2.124, 80.252.2.125, 80.252.2.126, 80.252.2.127 }" > > to > > box = "{ 80.252.2.4 - 80.252.2.127 }" Now, if that's your only problem I suggest that you read about netmasks and write the above as either table { 80.252.2.0/25, !80.252.2.3/30 } or box = "{ 80.252.2.64/26, 80.252.2.32/27, 80.252.2.16/28, \ 80.252.2.8/29, 80.252.2.4/30 }" as Nejc suggested. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News