Date:      Sat, 2 Oct 2004 06:12:02 -0300
From:      Julião Braga - Rede Pegasus <jb@redepegasus.com.br>
To:        <freebsd-ipfw@freebsd.org>
Subject:   ipfw2 syntax to specify address sets and or-blocks
Message-ID:  <005101c4a85f$e16d6960$aa6fc3c8@redepegasus.com.br>

Hi,

I'm using a 5.2.1 version:

[root@unidade1 root]# uname -a
FreeBSD unidade1.redepegasus.com.br 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Fri Jun 18 15:08:10 BRT 2004 root@unidade1.redepegasus.com.br:/usr/src/sys/i386/compile/UNIDADE1  i386

and created the following rules:

ipsmsn="{ 192.168.0.0/24{1,6,23,58,65,111} or 192.168.1.0/24{32,34,60} or 192.168.3.0/24{4} }"

...

ipfw add 00200 check-state

...

#KAZAA/MSN/YAHOO

ipfw add 40210 allow all from any to ${ipsmsn} 1863,5050,5190 keep-state
ipfw add 40211 allow all from ${ipsmsn} to any 1863,5050,5190 keep-state

#additional MSN ports
ipfw add 40212 allow all from any to ${ipsmsn} 6891-6901,6801,2001-2120,7801-7825 keep-state
ipfw add 40213 allow all from ${ipsmsn} to any 6891-6901,6801,2001-2120,7801-7825 keep-state

ipfw add 40214 deny all from any to any 6891-6901,6801,2001-2120,7801-7825 keep-state

ipfw add 40223 deny all from any to any 5190 keep-state # ICQ deny

And I'm getting from ipfw -a l:

...

40210      0         0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70 keep-state

Any help with this?

Thank you,

Juliao
---
Rede Pegasus
http://www.redepegasus.com.br 


