From owner-freebsd-doc@FreeBSD.ORG Fri Sep 5 09:20:20 2003 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6130716A4BF for ; Fri, 5 Sep 2003 09:20:20 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BCF0743FF5 for ; Fri, 5 Sep 2003 09:20:19 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h85GKJUp005578 for ; Fri, 5 Sep 2003 09:20:19 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h85GKJFI005577; Fri, 5 Sep 2003 09:20:19 -0700 (PDT) Date: Fri, 5 Sep 2003 09:20:19 -0700 (PDT) Message-Id: <200309051620.h85GKJFI005577@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: Peter Pentchev Subject: Re: docs/56021: Documentation incorrect for mac in ipfw2 X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Peter Pentchev List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Sep 2003 16:20:20 -0000 The following reply was made to PR docs/56021; it has been noted by GNATS. From: Peter Pentchev To: Glen Gibb Cc: bug-followup@FreeBSD.org, ipfw@FreeBSD.org Subject: Re: docs/56021: Documentation incorrect for mac in ipfw2 Date: Fri, 5 Sep 2003 19:19:15 +0300 On Wed, Aug 27, 2003 at 11:07:21AM +1000, Glen Gibb wrote: > > >Number: 56021 > >Category: docs > >Synopsis: Documentation incorrect for mac in ipfw2 > >Originator: Glen Gibb > >Release: FreeBSD 5.1-CURRENT i386 [snip] > >Description: > > The man page for ipfw (IPFW2) is incomplete/misleading in regards to > the "mac" option in the RULE OPTIONS section. > > The man page states that the address can be "optionally followed by a > mask indicating how many bits are significant, as in MAC > 10:20:30:40:50:60/33 any". This IS correct but it does not mention the > second method of specifying a bit mask, that is by following the > address with an ampersand (&) followed by the bitmask whcich is > specified using the same format as the address. For example, if we > wanted to match any mac address that ended with 60, we could use the > following mask: > > MAC 00:00:00:00:50:60&00:00:00:00:00:ff What do you think about the following patch? G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence was in the past tense. Index: src/sbin/ipfw/ipfw.8 =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.131 diff -u -r1.131 ipfw.8 --- src/sbin/ipfw/ipfw.8 22 Jul 2003 07:41:24 -0000 1.131 +++ src/sbin/ipfw/ipfw.8 5 Sep 2003 16:12:41 -0000 @@ -1046,11 +1046,31 @@ .Cm any keyword (matching any MAC address), or six groups of hex digits separated by colons, -and optionally followed by a mask indicating how many bits are -significant, as in +and optionally followed by a mask indicating the significant bits. +The mask may be specified using either of the following methods: +.Bl -enum -width indent +.It +A slash +.Pq / +followed by the number of significant bits. +For example, an address with 33 significant bits could be specified as: .Pp .Dl "MAC 10:20:30:40:50:60/33 any" .Pp +.It +An ampersand +.Pq & +followed by a bitmask specified as six groups of hex digits separated +by colons. +For example, an address in which the last 16 bits are significant could +be specified as: +.Pp +.Dl "MAC 10:20:30:40:50:60&00:00:00:00:00:ff any" +.Pp +Note that the ampersand character has a special meaning in many shells +and should generally be escaped. +.Pp +.El Note that the order of MAC addresses (destination first, source second) is the same as on the wire, but the opposite of the one used for