Date: Wed, 4 Oct 2006 20:30:35 +0300
From: Giorgos Keramidas
To: Josh Paetzel
Cc: doc@freebsd.org
Subject: Re: IPFW manpage suggestion
Message-ID: <20061004173035.GB16716@gothmog.pc>
In-Reply-To: <200609282300.53946.josh@tcbug.org>

On 2006-09-28 23:00, Josh Paetzel wrote:
> I have a friend who's converting from Linux to FreeBSD. He's trying
> to set up ipfw and was reading through the ipfw manpage. He asked me
> some questions about examples in the manpage and while I think the
> manpage is very clear it is perhaps a poor example.
>
> As an example, an address specified as 1.2.3.4/24{128,35-55,89}
> will match the following IP addresses:
> 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89
>
> This is perfectly clear and works exactly as stated but the choice of
> 1.2.3.4/24 as a network number isn't the best in my opinion. His
> question was whether the example would match 1.2.3.4. It doesn't of
> course but perhaps the example would make more sense as:
> 1.2.3.0/24{128,35-55,89}
>
> This also opens the door to what happens if you do something like:
> 1.2.3.15/25{215-220} I regret to say I don't have a box I can
> actually test that on though.
>
> There are other places in the manpage where a network number would
> make more sense than an IP but the one I pointed out seems to be the
> most glaring.
>
> I'm willing to do the grunt work if it's determined it's worth
> changing.

Does the following patch look ok for this? %%% # HG changeset patch # User Giorgos Keramidas # Date 1159982994 -10800 # Node ID 299cbe729a9fc56f44776222743b46e50eef893a # Parent 96f4a04b54780e0191daea12c6cef569ad2725d4 Switch to using network numbers whenever possible. Submitted by: Josh Paetzel diff -r 96f4a04b5478 -r 299cbe729a9f sbin/ipfw/ipfw.8 --- a/sbin/ipfw/ipfw.8 Tue Oct 03 21:04:04 2006 +0300 +++ b/sbin/ipfw/ipfw.8 Wed Oct 04 20:29:54 2006 +0300 @@ -951,20 +951,20 @@ Hostnames are resolved at the time the r .It Ar addr Ns / Ns Ar masklen Matches all addresses with base .Ar addr -(specified as an IP address or a hostname) +(specified as an IP address, a network number, or a hostname) and mask width of .Cm masklen bits. -As an example, 1.2.3.4/25 will match +As an example, 1.2.3.4/25 or 1.2.3.0/25 will match all IP numbers from 1.2.3.0 to 1.2.3.127 . .It Ar addr Ns : Ns Ar mask Matches all addresses with base .Ar addr -(specified as an IP address or a hostname) +(specified as an IP address, a network number, or a hostname) and the mask of .Ar mask , specified as a dotted quad. -As an example, 1.2.3.4:255.0.255.0 will match +As an example, 1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match 1.*.3.*. This form is advised only for non-contiguous masks. @@ -977,7 +977,7 @@ error-prone. .It Ar list : Bro Ar num | num-num Brc Ns Op Ns , Ns Ar list Matches all addresses with base address .Ar addr -(specified as an IP address or a hostname) +(specified as an IP address, a network number, or a hostname) and whose last byte is in the list between braces { } . Note that there must be no spaces between braces and numbers (spaces after commas are allowed). @@ -997,6 +997,7 @@ the complexity of rulesets. the complexity of rulesets. .br As an example, an address specified as 1.2.3.4/24{128,35-55,89} +or 1.2.3.0/24{128,35-55,89} will match the following IP addresses: .br 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 . %%%
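
Review bot: In the first hunk (@@ -951,20), the addr/masklen and addr:mask examples now list two spellings each, but nothing says why they are equivalent. A reader who wonders whether the host part of 1.2.3.4/25 matters, as in the original report, still has to infer that the bits of addr outside the mask are ignored. Suggest adding one sentence after the parenthetical, for example "Bits of addr not covered by the mask are ignored.", so the paired examples are explained rather than only stated.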
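
Review bot: In the second hunk (@@ -977,7), the addr/masklen{list} description gets the same "network number" parenthetical, but the text still does not say what happens when a listed value lies outside the range implied by masklen, which is the 1.2.3.15/25{215-220} case raised in the report. If the surrounding text does not already define that, this is the place to state which masklen values are allowed with a list and how out-of-range entries are treated.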
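
Review bot: In the last hunk (@@ -997,6), the confusing spelling 1.2.3.4/24{128,35-55,89} stays first and the network-number form is only appended after it, so the question that started the thread (does this match 1.2.3.4?) can still come up. Consider leading with 1.2.3.0/24{128,35-55,89}, or adding a line saying that 1.2.3.4 itself is not in the matched set. Also check the rendered page: the added "or ..." line sits between the example and "will match", so confirm the sentence still reads as one.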