From owner-freebsd-users-jp@freebsd.org  Thu Jun 30 09:07:24 2016
Return-Path: <owner-freebsd-users-jp@freebsd.org>
Delivered-To: freebsd-users-jp@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1B8DB863EE
 for <freebsd-users-jp@mailman.ysv.freebsd.org>;
 Thu, 30 Jun 2016 09:07:24 +0000 (UTC)
 (envelope-from maruyama@ism.ac.jp)
Received: from garbha.ism.ac.jp (garbha.ism.ac.jp [133.58.120.13])
 by mx1.freebsd.org (Postfix) with ESMTP id 9FDC92412
 for <freebsd-users-jp@freebsd.org>; Thu, 30 Jun 2016 09:07:24 +0000 (UTC)
 (envelope-from maruyama@ism.ac.jp)
Received: from indra.ism.ac.jp (garbha.ism.ac.jp [133.58.120.13])
 by garbha.ism.ac.jp (8.15.2/8.15.2) with ESMTPS id u5U97MgY056854
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Thu, 30 Jun 2016 18:07:23 +0900 (JST)
 (envelope-from maruyama@ism.ac.jp)
Received: (from maruyama@localhost)
 by indra.ism.ac.jp (8.15.2/8.15.2/Submit) id u5U97Mwv016874;
 Thu, 30 Jun 2016 18:07:22 +0900 (JST)
 (envelope-from maruyama@ism.ac.jp)
X-Authentication-Warning: indra.ism.ac.jp: maruyama set sender to
 maruyama@ism.ac.jp using -f
From: maruyama@ism.ac.jp (=?iso-2022-jp?B?GyRCNF07M0Q+PjsbKEI=?=)
To: freebsd-users-jp@freebsd.org
In-Reply-To: <ydlk2h783zc.fsf@indra.ism.ac.jp> (maruyama@ism.ac.jp)
Organization: =?iso-2022-jp?B?GyRCRX03Vz90TX04JjVmPWobKEI=?=
Reply-To: maruyama@ism.ac.jp
Date: Thu, 30 Jun 2016 18:07:22 +0900
Message-ID: <ydlh9cb82ph.fsf@indra.ism.ac.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Subject: [FreeBSD-users-jp 95831] Re: =?iso-2022-jp?b?aXBmdxskQiRIGyhCRE5T?=
X-BeenThere: freebsd-users-jp@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion relevant to FreeBSD communities in Japan
 <freebsd-users-jp.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-users-jp>, 
 <mailto:freebsd-users-jp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-users-jp/>
List-Post: <mailto:freebsd-users-jp@freebsd.org>
List-Help: <mailto:freebsd-users-jp-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-users-jp>, 
 <mailto:freebsd-users-jp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 09:07:25 -0000

統計数理研究所の丸山です。

ちょっと補足しておきます。普通 localhost からのアクセスは全部 allow して
いるので、

>        ipfw -q add 110 allow ip from 133.58.124.49 to any

などということはまずやりません。実際

>00020 allow ip from any to any via lo0

ですから、普通に考えれば、

>00110 allow ip from 133.58.124.49 to any

は不要なはずだと思います。私がこの問題に目を向けたのは

ipfw -q add 110 allow ip from 133.58.124.0:255.255.255.0 to any

と、 default interface があるサブネットを丸ごと allow しようとした時でし
た。これは運用上実際に必要になる場合があると思います。

自宅の NATセグメントに繋がる PC[192.168.255.1]では、仕方なく、

ipfw -q add 110 allow ip from 192.168.255.2:255.255.255.2 to any
ipfw -q add 110 allow ip from 192.168.255.4:255.255.255.4 to any
ipfw -q add 110 allow ip from 192.168.255.8:255.255.255.8 to any
ipfw -q add 110 allow ip from 192.168.255.16:255.255.255.16 to any
ipfw -q add 110 allow ip from 192.168.255.32:255.255.255.32 to any
ipfw -q add 110 allow ip from 192.168.255.64:255.255.255.64 to any
ipfw -q add 110 allow ip from 192.168.255.128:255.255.255.128 to any

としていますが、ちょっと泣けてきます。

--------
丸山直昌＠統計数理研究所