Date: Sat, 22 Oct 2022 21:15:08 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 267278] ipfw mask addr:mask syntax creates wrong rule Message-ID: <bug-267278-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D267278 Bug ID: 267278 Summary: ipfw mask addr:mask syntax creates wrong rule Product: Base System Version: 13.1-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: igor.polovykh@gmail.com man ipfw ip-addr: A host or subnet address specified in one of the following way= s: ............... addr:mask Matches all addresses with base addr (specified as an = IP address, a network number, or a hostname) and the mask= of mask, specified as a dotted quad. As an example, 1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match 1.*.3.*. This form is advised only for non-contiguous masks. It is better to resort to the addr/masklen for= mat for contiguous masks, which is more compact and less e= r- ror-prone. ........... I tried to set rule to block many broadcasts from several subnets ipfw add deny ip from any to 1.2.0.255:0.0.255.0 but when I look at created rules table with 'ipfw show' I see: .... 03300 0 0 deny ip from any to 0.0.0.0:0.0.255.0 .... This is not I expected and manual page says about it. I expected: 03300 0 0 deny ip from any to 1.2.0.255:0.0.255.0 Perhaps I don't understand something. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-267278-227>