Date:      Sun, 01 Sep 2002 14:19:30 -0500
From:      "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To:        Luigi Rizzo <luigi@FreeBSD.ORG>
Cc:        Kenneth W Cochran <kwc@TheWorld.com>, freebsd-stable@FreeBSD.ORG
Subject:   Re: IPFW2 option in -stable kernel config
Message-ID:  <4.3.2.20020901130809.02182210@207.227.119.2>
In-Reply-To: <20020831191318.A71479@iguana.icir.org>
References:  <4.3.2.20020831183206.00dd5580@207.227.119.2> <4.3.2.20020831112817.00e57e30@207.227.119.2> <200208311312.JAA118809063@shell.TheWorld.com> <4.3.2.20020831112817.00e57e30@207.227.119.2> <20020831150538.A69952@iguana.icir.org> <4.3.2.20020831183206.00dd5580@207.227.119.2>

At 07:13 PM 8/31/02 -0700, Luigi Rizzo wrote:
>On Sat, Aug 31, 2002 at 06:49:48PM -0500, Jeffrey J. Mountin wrote:
>...
> > >ranges are limited to /24 or larger masks (partly to simplify parsing,
>
>for larger i meant /25 ... /32 i.e. smaller sets

Easy to interpret either way.  ;)


> > So how does it work with something larger than a /24?  In my last message I
> > used:
> >
> > ... ip from 1.2.36.0/22{36.1,37.2,38.3,39.4} to ...
> >
> > Is this correct?
> >
> > And if what I gather from your reply then one could do:
> >
> > ... ip from 0.0.0.0/0{1.2.3.4,2.3.4.5,3.4.5.6} to ...
> >
> > Or is that asking too much?  8-)
>
>you _can_ write it as { 1.2.3.4 or 2.3.4.5 or 3.4.5.6 }
>but of course it is going to check all addresses sequentially.

Walked into that, but it's a potentially useful option to condense 
rulesets.  Same with the former option were only it supported.  Then it is 
as well by doing:

{ 1.2.36.1 or 1.2.37.2 or 1.2.38.3 or 1.2.39.4 }

It does make sense that only /24 - /32 masks, just the other way is 
shorter.  Not sure how many could use this and as you say it does add 
overhead with a larger bitmap.


> > So for now it can only be a comma separated list and only port values can
> > use ranges.  Right?
>
>yes. Port values and MAC types and (i think) some icmp options, same as ipfw1

Last question I can think of for syntax is the allowance of whitespace 
(tab|space) inside the curly braces.  Are they allowed when using the 
1.2.3.4{5,10,20} notation?  For longer lists it might help clarity.  Your 
examples and the man page suggest not.


Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve
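
Added example, not part of the original message and not ipfw's own code: a small Python model of the two notations discussed in this thread, showing why the addr/masklen{list} form is limited to /24 ... /32 (one bit per host in a bitmap of at most 256 bits, tested in constant time) while the { a or b or c } form is compared entry by entry. The names AddrSet and or_block_matches are hypothetical, and the parser is strict by assumption: explicit mask, digits only, no ranges, no whitespace. It does not settle how ipfw itself treats whitespace inside the braces.

```python
import ipaddress


class AddrSet:
    """Model of the addr/masklen{a,b,c} notation: one bit per host in the block."""

    def __init__(self, spec):
        head, brace, tail = spec.partition("{")
        if not brace or not tail.endswith("}"):
            raise ValueError("expected addr/masklen{list}")
        self.net = ipaddress.ip_network(head, strict=False)
        if self.net.prefixlen < 24:
            raise ValueError("set needs a /24 ... /32 mask, got /%d" % self.net.prefixlen)
        self.base = int(self.net.network_address) & 0xFFFFFF00
        self.bitmap = 0
        for item in tail[:-1].split(","):
            # Strict by choice in this model: digits only, no whitespace, no ranges.
            if not item.isdigit() or int(item) > 255:
                raise ValueError("bad list entry %r" % item)
            if ipaddress.ip_address(self.base | int(item)) not in self.net:
                raise ValueError("%s is outside %s" % (item, self.net))
            self.bitmap |= 1 << int(item)

    def matches(self, ip):
        a = int(ipaddress.ip_address(ip))
        # One mask compare plus one bit test, however long the list is.
        return (a & 0xFFFFFF00) == self.base and bool((self.bitmap >> (a & 0xFF)) & 1)


def or_block_matches(addrs, ip):
    """Model of { a or b or c }: returns (matched, comparisons made)."""
    target = ipaddress.ip_address(ip)
    for n, candidate in enumerate(addrs, start=1):
        if ipaddress.ip_address(candidate) == target:
            return True, n
    return False, len(addrs)
```

In this model the /22 form from the message is rejected at parse time, and the equivalent or-block over the same four addresses (constructed from the message's example) needs four comparisons to reach the last one.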

