Date:      Wed, 18 Sep 1996 02:51:28 +0000 (GMT)
From:      Adam David <adam@veda.is>
To:        freebsd-hackers@freebsd.org
Subject:   IPFW !IP#
Message-ID:  <199609180251.CAA11480@veda.is>

I can implement exclusion of a block of IP addresses at low execution cost.
Does anyone dislike this idea? Which flags mask would be preferred for
this purpose, 0xc000 or 0x0003? (Does anything already use 0x0003?)
Are the unused flags perhaps reserved for something more useful than this?

# ipfw add deny all from !${my_network}:${my_netmask} to any out via ${gate_if}
# ipfw add deny all from any to !${my_network}:${my_netmask} in via ${gate_if}

This set of 2 rules would otherwise take 48 rules to enforce for a class C
network with a single domain gateway, for instance.

--
Adam David <adam@veda.is>
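
The following is an added illustration, not part of the original message or of the ipfw source. It shows a negated address match as one compare plus one XOR, and one way to arrive at the 48-rule figure: without negation, "everything except a /24" has to be written as 24 positive CIDR blocks per direction. The flag name `EX_F_INVERT`, its value, the helper names and the sample network 192.0.2.0/24 are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag bit meaning "invert the address match". The message
 * leaves the choice of bit open, so this value is an assumption. */
#define EX_F_INVERT 0x0001u

struct cidr { uint32_t net; int plen; };

static uint32_t plen_mask(int plen) {
    return plen == 0 ? 0 : 0xffffffffu << (32 - plen);
}

/* Negated match: the usual masked compare, then XOR with the invert flag. */
int addr_match(uint32_t addr, uint32_t net, uint32_t mask, unsigned flags) {
    int hit = (addr & mask) == (net & mask);
    return hit ^ ((flags & EX_F_INVERT) != 0);
}

/* Without negation, the complement of net/plen must be listed as positive
 * blocks: for each prefix bit, the sibling block that differs at that bit.
 * Writes plen entries to out and returns the count. */
int complement_blocks(uint32_t net, int plen, struct cidr *out) {
    int n = 0;
    for (int i = 1; i <= plen; i++, n++) {
        uint32_t bit = 1u << (32 - i);
        out[n].net = (net ^ bit) & plen_mask(i);
        out[n].plen = i;
    }
    return n;
}

/* True if addr falls in any of the n positive blocks. */
int in_blocks(uint32_t addr, const struct cidr *b, int n) {
    for (int i = 0; i < n; i++)
        if ((addr & plen_mask(b[i].plen)) == b[i].net) return 1;
    return 0;
}

int main(void) {
    struct cidr b[32];
    uint32_t net = 0xC0000200u;            /* 192.0.2.0/24, constructed sample */
    int n = complement_blocks(net, 24, b);
    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u/%d\n", b[i].net >> 24, (b[i].net >> 16) & 255,
               (b[i].net >> 8) & 255, b[i].net & 255, b[i].plen);
    printf("%d blocks per direction, %d rules for in and out\n", n, 2 * n);
    return 0;
}
```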


