Date: Tue, 23 Dec 2003 22:24:11 -0800 From: hugle <hugle@vkt.lt> To: Robert Chalmers <robert@the-mission-of-our-lady-of-fatima.org>, security <freebsd-security@FreeBSD.org> Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ???? Message-ID: <103305460579.20031223222411@vkt.lt> In-Reply-To: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au> References: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
RC> The man page gives this example, however, when I attempt to use it, it seems RC> to block the whole set? RC> Could someone tell me what's going wrong here please. Thanks heaps.. RC> This works, RC> ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif} RC> This blocks the whole IP block, not just the list? RC> ${fwcmd} add deny log all from any to RC> 203.1.96.0/24{2,6-25,27-154,156-19 9,204-254} in via ${oif} maybe "156-19 9" ? You have a space ( " " ) in here, so try out: ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-199,204-254} in via ${oif} RC> the man page bit... RC> list: {num | num-num}[,list] RC> Matches all addresses with base address addr (specified as a RC> dot- RC> ted quad or a hostname) and whose last byte is in the list RC> between braces { } . Note that there must be no spaces between RC> braces and numbers (spaces after commas are allowed). Elements RC> of the list can be specified as single entries or ranges. The RC> masklen field is used to limit the size of the set of RC> addresses, RC> and can have any value between 24 and 32. If not specified, it RC> will be assumed as 24. RC> This format is particularly useful to handle sparse address RC> sets RC> within a single rule. Because the matching occurs using a bit- RC> mask, it takes constant time and dramatically reduces the com- RC> plexity of rulesets. RC> As an example, an address specified as 1.2.3.4/24{128,35-55,89} RC> will match the following IP addresses: RC> 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 . RC> Thanks RC> Robert RC> _______________________________________________ RC> freebsd-security@freebsd.org mailing list RC> http://lists.freebsd.org/mailman/listinfo/freebsd-security RC> To unsubscribe, send any mail to RC> "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?103305460579.20031223222411>