From owner-freebsd-security  Thu May  9 15: 1:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from nexusxi.com (balistraria.nexusxi.com [216.123.202.196])
	by hub.freebsd.org (Postfix) with SMTP id 7909A37B409
	for <security@freebsd.org>; Thu,  9 May 2002 15:01:29 -0700 (PDT)
Received: (qmail 27156 invoked from network); 9 May 2002 22:01:28 -0000
Received: from unknown (HELO h410g3n.localnet) (204.209.140.10)
  by 0 with SMTP; 9 May 2002 22:01:28 -0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: "Dalin S. Owen" <dowen@pstis.com>
Reply-To: dowen@pstis.com
Organization: Nexus XI Corp.
To: "Naughty Taz" <naughty_taz@hotmail.com>
Subject: Re: IPFW and IP/mask mathematics
Date: Thu, 9 May 2002 15:57:13 -0600
X-Mailer: KMail [version 1.4]
References: <001e01c1f79e$78612390$626a003e@homepc>
In-Reply-To: <001e01c1f79e$78612390$626a003e@homepc>
Cc: security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200205091557.13783.dowen@pstis.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


What kind of "traffic", I wil assume you want to block "all"=20
(tcp/udp/icmp/esp/ah/look in /etc/protocols for a list)....

/sbin/ipfw add allow all from 0.0.0.0 to XXX.128.0.0
/sbin/ipfw add deny all from XXX.128.0.0 to XXX.146.159.255
/sbin/ipfw add allow all from XXX.146.160.0 to 255.255.255.255

There ya go.. :)

On May 9, 2002 03:14 pm, Naughty Taz wrote:

> Hi all,
>
> I've been trying to get a ruleset for IPFW but was unable to figure out
> how to do it :(
> I'd appreciate it if someone can reply with the right ruleset for the
> following:
>
> 1) allow traffic from 0.0.0.0 - XXX.128.0.0
> 2) block traffic from XXX.128.0.0 - XXX.146.159.255
> 3) allow traffic from XXX.146.160.0 - 255.255.255.255
>
> Thanks in advance.
>
> /Taz
>
> P.S.: IP's are imaginary of course.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message