Date: Tue, 11 Jul 2006 15:27:02 -0300
From: "Gilberto Villani Brito" <linux@giboia.org>
To: freebsd-net@freebsd.org
Subject: Re: counting (not) blocks of IPs in ipfw - please help
Message-ID: <6e6841490607111127l5dc5bcfaif36966bc941afdfe@mail.gmail.com>
In-Reply-To: <Pine.LNX.4.21.0607101838530.12027-100000@shell.dhp.com>
References: <Pine.LNX.4.21.0607101838530.12027-100000@shell.dhp.com>
Try:
ipfw add 00100 count ip from not {10.20.0.0/16,10.30.0.0/16} to any via em0 in
Gilberto
2006/7/10, Ensel Sharon <user@dhp.com>:
>
>
>
> I can't seem to get ipfw to handle a rule like this:
>
>
> ipfw add 00100 count ip from any not { 10.20.0.0/16 or 10.30.0.0/16 } to any via em0 in
>
> The error is:
>
> ipfw: missing ``to''
> ipfw: unrecognised option [-1] 10.20.0.0/16
>
>
>
> So if I remove the curlys and try just one IP block:
>
> ipfw add 00100 count ip from any not 10.20.0.0/16 to any via em0 in
>
> The error is:
>
> ipfw: invalid separator <.> in <10.20.0.0/16>
>
>
> Any help appreciated. Thanks.
