From owner-freebsd-security@FreeBSD.ORG Tue Dec 23 22:24:57 2003
Date: Tue, 23 Dec 2003 22:24:11 -0800
From: hugle
Message-ID: <103305460579.20031223222411@vkt.lt>
To: Robert Chalmers, security
In-Reply-To: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au>
References: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au>
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????

RC> The man page gives this example, however, when I attempt to use it, it seems
RC> to block the whole set?
RC> Could someone tell me what's going wrong here please. Thanks heaps..

RC> This works,
RC> ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}

RC> This blocks the whole IP block, not just the list?
RC> ${fwcmd} add deny log all from any to
RC> 203.1.96.0/24{2,6-25,27-154,156-19 9,204-254} in via ${oif}

maybe "156-19 9" ?
You have a space ( " " ) in here, so try out:
${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-199,204-254} in via ${oif}

RC> the man page bit...

RC> list: {num | num-num}[,list]
RC>     Matches all addresses with base address addr (specified as a
RC>     dotted quad or a hostname) and whose last byte is in the list
RC>     between braces { } . Note that there must be no spaces between
RC>     braces and numbers (spaces after commas are allowed). Elements
RC>     of the list can be specified as single entries or ranges. The
RC>     masklen field is used to limit the size of the set of addresses,
RC>     and can have any value between 24 and 32. If not specified, it
RC>     will be assumed as 24.
RC>     This format is particularly useful to handle sparse address sets
RC>     within a single rule. Because the matching occurs using a
RC>     bitmask, it takes constant time and dramatically reduces the
RC>     complexity of rulesets.
RC>     As an example, an address specified as 1.2.3.4/24{128,35-55,89}
RC>     will match the following IP addresses:
RC>     1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .

RC> Thanks
RC> Robert
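
A pre-flight check for the address-set notation discussed in this thread, as an added example that is not part of the original message and is not ipfw's own parser. The function name `expand_addr_set` is hypothetical; it handles dotted-quad base addresses only and assumes that a list element falling outside base/masklen is an error.

```python
import ipaddress
import re

# Grammar quoted in the message: addr/masklen{list}, list: {num | num-num}[,list]
SPEC_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\{([^{}]*)\}")
ITEM_RE = re.compile(r"(\d+)(?:-(\d+))?")


def expand_addr_set(spec):
    """Return the sorted addresses named by an addr/masklen{list} spec.

    Raises ValueError for anything outside the quoted grammar.
    """
    m = SPEC_RE.fullmatch(spec)
    if m is None:
        raise ValueError(f"not an addr/masklen{{list}} spec: {spec!r}")
    masklen = int(m.group(2)) if m.group(2) else 24  # default per the man page
    if not 24 <= masklen <= 32:
        raise ValueError(f"masklen {masklen} is outside 24..32")
    net = ipaddress.ip_network(f"{m.group(1)}/{masklen}", strict=False)
    prefix = int(net.network_address) & 0xFFFFFF00
    found = set()
    for pos, raw in enumerate(m.group(3).split(",")):
        # Spaces are allowed only after a comma: strip the left side of every
        # element but the first, and let any other whitespace fail the match.
        item = raw.lstrip(" ") if pos else raw
        im = ITEM_RE.fullmatch(item)
        if im is None:
            raise ValueError(f"bad list element {raw!r} in {spec!r}")
        lo = int(im.group(1))
        hi = int(im.group(2)) if im.group(2) else lo
        if lo > hi or hi > 255:
            raise ValueError(f"bad range {item!r} in {spec!r}")
        for last in range(lo, hi + 1):
            addr = ipaddress.ip_address(prefix | last)
            if addr not in net:  # assumption: outside base/masklen is an error
                raise ValueError(f"{addr} is outside {net}")
            found.add(addr)
    return sorted(found)


if __name__ == "__main__":
    # The two forms of the rule argument from the thread.
    for spec in ("203.1.96.0/24{2,6-25,27-154,156-19 9,204-254}",
                 "203.1.96.0/24{2,6-25,27-154,156-199,204-254}"):
        try:
            print(len(expand_addr_set(spec)), "addresses:", spec)
        except ValueError as err:
            print("rejected:", err)
```

Running the same check over every set argument in a ruleset before loading it shows exactly which hosts a deny rule will cover.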