From owner-freebsd-security@FreeBSD.ORG Sat Dec 27 14:38:51 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB86A16A4CE for ; Sat, 27 Dec 2003 14:38:51 -0800 (PST) Received: from nanguo.chalmers.com.au (220-244-9-90-qld.tpgi.com.au [220.244.9.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 369F743D3F for ; Sat, 27 Dec 2003 14:38:48 -0800 (PST) (envelope-from robert@chalmers.com.au) Received: from carbon (carbon.chalmers.com.au [203.1.96.26]) hBRMcjtd011822 for ; Sun, 28 Dec 2003 08:38:46 +1000 (EST) X-Authentication-Warning: nanguo.chalmers.com.au: Host carbon.chalmers.com.au [203.1.96.26] claimed to be carbon Message-ID: <001c01c3ccca$302977f0$1a6001cb@chalmers.com.au> From: "Robert Chalmers" To: References: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au> <20031227115551.GB604@hhos.serious.ld> Date: Sun, 28 Dec 2003 08:38:45 +1000 Organization: The Mission of Our Lady of Fatima MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct???? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Robert Chalmers List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2003 22:38:51 -0000 Hi, Thanks. I was only running ipfw, not ipfw2. Put ipfw2 in place and all = probelms solved. cheers Robert ----- Original Message -----=20 From: zk=20 To: freebsd-security@freebsd.org=20 Sent: Saturday, December 27, 2003 9:55 PM Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this = Correct???? On Wed, Dec 24, 2003 at 02:09:12PM +1000, Robert Chalmers wrote: > The man page gives this example, however, when I attempt to use it, = it seems > to block the whole set? >=20 > Could someone tell me what's going wrong here please. Thanks heaps.. >=20 > This works, > ${fwcmd} add deny log all from any to 203.1.96.1 in via = ${oif} >=20 > This blocks the whole IP block, not just the list? > ${fwcmd} add deny log all from any to = 203.1.96.0/24{2,6-25,27-154,156-19 9,204-254} in via ${oif} >=20 Do you use ipfw2? It's not default on FreeBSD 4.x systems. And maybe you should quote {} ${fwcmd} add deny log all from any to = '203.1.96.0/24{2,6-25,27-154,156-199,204-254}' (...) zk _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org"