Date: Fri, 5 Sep 2003 19:19:15 +0300
From: Peter Pentchev
To: Glen Gibb
cc: ipfw@FreeBSD.org
cc: bug-followup@FreeBSD.org
Subject: Re: docs/56021: Documentation incorrect for mac in ipfw2

On Wed, Aug 27, 2003 at 11:07:21AM +1000, Glen Gibb wrote:
>
> >Number: 56021
> >Category: docs
> >Synopsis: Documentation incorrect for mac in ipfw2
> >Originator: Glen Gibb
> >Release: FreeBSD 5.1-CURRENT i386
[snip]
> >Description:
>
> The man page for ipfw (IPFW2) is incomplete/misleading in regards to
> the "mac" option in the RULE OPTIONS section.
>
> The man page states that the address can be "optionally followed by a
> mask indicating how many bits are significant, as in MAC
> 10:20:30:40:50:60/33 any". This IS correct but it does not mention the
> second method of specifying a bit mask, that is by following the
> address with an ampersand (&) followed by the bitmask which is
> specified using the same format as the address. For example, if we
> wanted to match any mac address that ended with 60, we could use the
> following mask:
>
> MAC 00:00:00:00:50:60&00:00:00:00:00:ff

What do you think about the following patch?

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence was in the past tense.

Index: src/sbin/ipfw/ipfw.8 =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.131 diff -u -r1.131 ipfw.8 --- src/sbin/ipfw/ipfw.8 22 Jul 2003 07:41:24 -0000 1.131 +++ src/sbin/ipfw/ipfw.8 5 Sep 2003 16:12:41 -0000 @@ -1046,11 +1046,31 @@ .Cm any keyword (matching any MAC address), or six groups of hex digits separated by colons, -and optionally followed by a mask indicating how many bits are -significant, as in +and optionally followed by a mask indicating the significant bits. +The mask may be specified using either of the following methods: +.Bl -enum -width indent +.It +A slash +.Pq / +followed by the number of significant bits. +For example, an address with 33 significant bits could be specified as: .Pp .Dl "MAC 10:20:30:40:50:60/33 any" .Pp +.It +An ampersand +.Pq & +followed by a bitmask specified as six groups of hex digits separated +by colons. +For example, an address in which the last 16 bits are significant could +be specified as: +.Pp +.Dl "MAC 10:20:30:40:50:60&00:00:00:00:00:ff any" +.Pp +Note that the ampersand character has a special meaning in many shells +and should generally be escaped. +.Pp +.El Note that the order of MAC addresses (destination first, source second) is the same as on the wire, but the opposite of the one used for
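
Review bot: In the new ampersand item the prose and the example disagree: the text says "an address in which the last 16 bits are significant", but the mask in "MAC 10:20:30:40:50:60&00:00:00:00:00:ff any" selects only the last 8 bits. Either change the sentence to "the last 8 bits" or change the example mask to 00:00:00:00:ff:ff. Since the added note says the ampersand usually has to be escaped in a shell, it would also help to show the example in a form that can be typed as is, for instance with the address and mask inside quotes. As a style point, the ".Pp" placed directly before ".El" (and the one directly before the second ".It") adds nothing and can be dropped.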
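
The two mask notations discussed in this thread, worked through as an added example that is not part of the original message and is not ipfw's own code. The function names and sample addresses are constructed for illustration, and the slash form is assumed to count the leading bits of the address.

```python
import string

FULL = (1 << 48) - 1  # all 48 bits of a MAC address significant

def parse_mac(text):
    """Six colon-separated groups of hex digits -> 48-bit integer."""
    groups = text.split(":")
    if len(groups) != 6:
        raise ValueError("expected six groups: %r" % text)
    value = 0
    for g in groups:
        if not 1 <= len(g) <= 2 or any(c not in string.hexdigits for c in g):
            raise ValueError("bad hex group %r in %r" % (g, text))
        value = (value << 8) | int(g, 16)
    return value

def parse_spec(spec):
    """Return (masked address, mask) for any, addr, addr/bits or addr&mask."""
    if spec == "any":
        return 0, 0                      # zero mask: every address matches
    if "/" in spec:
        addr, bits = spec.split("/", 1)
        if not bits.isdigit() or int(bits) > 48:
            raise ValueError("bad bit count in %r" % spec)
        # Assumption: the count selects the leading (first on the wire) bits.
        mask = FULL ^ (FULL >> int(bits))
    elif "&" in spec:
        addr, mask_text = spec.split("&", 1)
        mask = parse_mac(mask_text)      # explicit bitmask, same format as address
    else:
        addr, mask = spec, FULL
    return parse_mac(addr) & mask, mask

def matches(spec, mac):
    """True if the constructed sample address mac matches the rule spec."""
    addr, mask = parse_spec(spec)
    return (parse_mac(mac) & mask) == addr

def significant_bits(spec):
    """Number of bits the spec actually compares."""
    return bin(parse_spec(spec)[1]).count("1")

if __name__ == "__main__":
    for spec in ("10:20:30:40:50:60/33", "00:00:00:00:50:60&00:00:00:00:00:ff"):
        print(spec, "compares", significant_bits(spec), "bits")
```

Counting the set bits of a mask this way is a quick check that a rule compares as much of the address as its author intended before it is loaded.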