Date: Wed, 4 Oct 2006 20:30:35 +0300 From: Giorgos Keramidas <keramida@freebsd.org> To: Josh Paetzel <josh@tcbug.org> Cc: doc@freebsd.org Subject: Re: IPFW manpage suggestion Message-ID: <20061004173035.GB16716@gothmog.pc> In-Reply-To: <200609282300.53946.josh@tcbug.org> References: <200609282300.53946.josh@tcbug.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006-09-28 23:00, Josh Paetzel <josh@tcbug.org> wrote:
> I have a friend who's converting from linux to FreeBSD. He's trying
> to set up ipfw and was reading through the ipfw manpage. He asked me
> some questions about examples in the manpage and while I think the
> manpage is very clear it is perhaps a poor example.
>
> As an example, an address specified as 1.2.3.4/24{128,35-55,89}
> will match the following IP addresses:
> 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89
>
> This is perfectly clear and works exactly as stated but the choice of
> 1.2.3.4/24 as a network number isn't the best in my opinion. His
> question was whether the example would match 1.2.3.4. It doesn't of
> course but perhaps the example would make more sense as:
> 1.2.3.0/24{128,35-55,89}
>
> This also opens to door to what happens if you do something like:
> 1.2.3.15/25{215-220} I regret to say I don't have a box I can
> actually test that on though.
>
> There are other places in the manpage where a network number would
> make more sense than an IP but the one I pointed out seems to be the
> most glaring.
>
> I'm willing to do the grunt work if it's determined it's worth
> changing.
Does the following patch look ok for this?
%%%
# HG changeset patch
# User Giorgos Keramidas <keramida@ceid.upatras.gr>
# Date 1159982994 -10800
# Node ID 299cbe729a9fc56f44776222743b46e50eef893a
# Parent 96f4a04b54780e0191daea12c6cef569ad2725d4
Switch to using network numbers whenever possible.
Submitted by: Josh Paetzel <josh@tcbug.org>
diff -r 96f4a04b5478 -r 299cbe729a9f sbin/ipfw/ipfw.8
--- a/sbin/ipfw/ipfw.8 Tue Oct 03 21:04:04 2006 +0300
+++ b/sbin/ipfw/ipfw.8 Wed Oct 04 20:29:54 2006 +0300
@@ -951,20 +951,20 @@ Hostnames are resolved at the time the r
.It Ar addr Ns / Ns Ar masklen
Matches all addresses with base
.Ar addr
-(specified as an IP address or a hostname)
+(specified as an IP address, a network number, or a hostname)
and mask width of
.Cm masklen
bits.
-As an example, 1.2.3.4/25 will match
+As an example, 1.2.3.4/25 or 1.2.3.0/25 will match
all IP numbers from 1.2.3.0 to 1.2.3.127 .
.It Ar addr Ns : Ns Ar mask
Matches all addresses with base
.Ar addr
-(specified as an IP address or a hostname)
+(specified as an IP address, a network number, or a hostname)
and the mask of
.Ar mask ,
specified as a dotted quad.
-As an example, 1.2.3.4:255.0.255.0 will match
+As an example, 1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match
1.*.3.*.
This form is advised only for non-contiguous
masks.
@@ -977,7 +977,7 @@ error-prone.
.It Ar list : Bro Ar num | num-num Brc Ns Op Ns , Ns Ar list
Matches all addresses with base address
.Ar addr
-(specified as an IP address or a hostname)
+(specified as an IP address, a network number, or a hostname)
and whose last byte is in the list between braces { } .
Note that there must be no spaces between braces and
numbers (spaces after commas are allowed).
@@ -997,6 +997,7 @@ the complexity of rulesets.
the complexity of rulesets.
.br
As an example, an address specified as 1.2.3.4/24{128,35-55,89}
+or 1.2.3.0/24{128,35-55,89}
will match the following IP addresses:
.br
1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .
%%%
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061004173035.GB16716>