From: zk
To: freebsd-security@freebsd.org
Date: Sat, 27 Dec 2003 12:55:51 +0100
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????
Message-ID: <20031227115551.GB604@hhos.serious.ld>
In-Reply-To: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au>

On Wed, Dec 24, 2003 at 02:09:12PM +1000, Robert Chalmers wrote:
> The man page gives this example, however, when I attempt to use it, it seems
> to block the whole set?
>
> Could someone tell me what's going wrong here please. Thanks heaps..
>
> This works,
> ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}
>
> This blocks the whole IP block, not just the list?
> ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-199,204-254} in via ${oif}
>

Do you use ipfw2? It's not default on FreeBSD 4.x systems.
And maybe you should quote {}

${fwcmd} add deny log all from any to '203.1.96.0/24{2,6-25,27-154,156-199,204-254}' (...)

zk
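
Added example, not part of the original message or of ipfw itself: a Python helper that expands the ipfw2 `addr[/masklen]{list}` notation from the subject line, so the set in a rule can be checked against the hosts it is meant to cover. The function names `expand_addr_set` and `unmatched_last_bytes` are hypothetical; the default masklen of 24 and the 24..32 range follow the ipfw(8) description of address sets.

```python
import ipaddress
import re

# ipfw2 address-set form from the subject line: addr[/masklen]{list}
_ADDR_SET = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\{([^{}]+)\}$")


def expand_addr_set(spec):
    """Return the sorted IPv4 addresses (as strings) that the set matches."""
    m = _ADDR_SET.match(spec.strip())
    if m is None:
        raise ValueError("not an addr[/masklen]{list} set: %r" % spec)
    masklen = int(m.group(2) or 24)          # ipfw(8): masklen defaults to 24
    if not 24 <= masklen <= 32:              # ipfw(8): allowed range is 24..32
        raise ValueError("masklen must be between 24 and 32")
    net = ipaddress.ip_network("%s/%d" % (m.group(1), masklen), strict=False)
    base = int(net.network_address) & 0xFFFFFF00   # list replaces the last byte
    last_bytes = set()
    for item in m.group(3).split(","):
        lo, _, hi = item.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)      # single entry or lo-hi range
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad list element: %r" % item)
        last_bytes.update(range(lo, hi + 1))
    hosts = [ipaddress.ip_address(base | b) for b in sorted(last_bytes)]
    # Choice made in this helper (not taken from ipfw): reject entries that
    # fall outside the addr/masklen window instead of silently dropping them.
    outside = [str(h) for h in hosts if h not in net]
    if outside:
        raise ValueError("outside %s: %s" % (net, ", ".join(outside)))
    return [str(h) for h in hosts]


def unmatched_last_bytes(spec):
    """Last-byte values of the enclosing /24 that the set leaves untouched."""
    covered = {int(h.rsplit(".", 1)[1]) for h in expand_addr_set(spec)}
    return [b for b in range(256) if b not in covered]


if __name__ == "__main__":
    rule_set = "203.1.96.0/24{2,6-25,27-154,156-199,204-254}"  # from the message
    print(len(expand_addr_set(rule_set)), "addresses denied")
    print("left alone:", unmatched_last_bytes(rule_set))
```

If the rule is loaded correctly, traffic to the addresses returned by `unmatched_last_bytes` should not appear in the deny log.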