From owner-freebsd-questions Thu Jun 6 10:22:15 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA17947 for questions-outgoing; Thu, 6 Jun 1996 10:22:15 -0700 (PDT) Received: from sili.adn.edu.ph (info@sili.adn.edu.ph [165.220.57.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA17936 for ; Thu, 6 Jun 1996 10:22:11 -0700 (PDT) Received: (from info@localhost) by sili.adn.edu.ph (8.6.11/8.6.9) id BAA15451; Fri, 7 Jun 1996 01:42:56 +1000 Date: Fri, 7 Jun 1996 01:42:56 +1000 (GMT+1000) From: Information Help Desk To: FreeBSD Questions Subject: IPFW: Problem with specifying IP addr range Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk HI !!! I am using FreeBSD 2.2-960501-SNAP. Recently experimented on ip firewaling and accounting. I tried to add the rule below, ipfw 9 add count all from 165.220.57.241:255.255.255.240 to any 80 out My intention was to monitor http accesses from subnet 165.220.57.240. Based from what I read in the ipfw man pages, this rule would match all packets from subnet 165.220.57.240, or hosts and workstations in this subnet. Out of curiosity, I verified this and tried to add the following rules, ipfw 8 add count all from 165.220.57.241 to any 80 out ipfw 7 add count all from 165.220.57.242 to any 80 out I reset the IP accounting with 'ipfw zero'. And, I issued a series of 'ipfw -a list'. I noticed that the number of packets that matched rule 9 is also the same number of packets that matched rule 8. And the number of packets that matched rule 7 is different with the number of packets that matched rule8. This means that rule 9 just matches packets from a specific IP being 165.220.57.241 and *not* IPs 165.220.57.241 to 254. Is there a bug in ipfw or is it just with the rules I tried ? Anything I missed out? -- jf