From owner-freebsd-questions@FreeBSD.ORG Mon May 12 01:41:16 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7ED6A37B401 for ; Mon, 12 May 2003 01:41:15 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C45643F3F for ; Mon, 12 May 2003 01:41:13 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1]) h4C8f7JG031952 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 12 May 2003 09:41:07 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)h4C8f7Ja031951; Mon, 12 May 2003 09:41:07 +0100 (BST) (envelope-from matthew) Date: Mon, 12 May 2003 09:41:07 +0100 From: Matthew Seaman To: Darren Pilgrim Message-ID: <20030512084107.GA31571@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Darren Pilgrim , questions@freebsd.org References: <20030511230141.3b7720db.dmp@pantherdragon.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+" Content-Disposition: inline In-Reply-To: <20030511230141.3b7720db.dmp@pantherdragon.org> User-Agent: Mutt/1.5.4i X-Spam-Status: No, hits=-35.6 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,PGP_SIGNATURE_2,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.53 X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp) cc: questions@freebsd.org Subject: Re: ipfw's "or-blocks" feature isn't working? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 May 2003 08:41:16 -0000 --mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, May 11, 2003 at 11:01:41PM -0700, Darren Pilgrim wrote: > In my ruleset I have a rule with an "or-block" in it: >=20 > ipfw add pass tcp from \{ ${oip} or ${inet} \} to 192.168.100.1 80 keep-s= tate >=20 > But when ipfw loads the rules, it returns "ipfw: hostname ''{'' unknown".= The > man page says the syntax is fine, so I'm stumped. Can someone explain wh= y this > isn't working? That's an IPFW2 feature. I guess you're using a fairly recent version of FreeBSD 4.x, but you haven't recompiled your world with the IPFW2 support enabled? See the sections "USING IPFW2 IN FreeBSD-STABLE" and "IPFW2 ENHANCEMENTS" in the ipfw(8) man page. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --mYCpIKhGyMATD0i+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+v14jdtESqEQa7a0RAgOyAJwOm3FA2V0lLpWz38REjM/jf3QAogCggXjg rSccvurOYILhW15/M7C3xao= =tGK6 -----END PGP SIGNATURE----- --mYCpIKhGyMATD0i+--