From owner-freebsd-questions  Mon Aug 13  9:43:11 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 40CCB37B413; Mon, 13 Aug 2001 09:42:59 -0700 (PDT)
	(envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id KAA05963;
	Mon, 13 Aug 2001 10:42:49 -0600 (MDT)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id KAA20963;
	Mon, 13 Aug 2001 10:42:40 -0600 (MDT)
	(envelope-from nate)
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15224.895.861427.828038@nomad.yogotech.com>
Date: Mon, 13 Aug 2001 10:42:39 -0600
To: Peter Pentchev <roam@ringlet.net>
Cc: default - Subscriptions <default013subscriptions@hotmail.com>,
	freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Easy IPFW question...
In-Reply-To: <20010813165603.B1119@ringworld.oblivion.bg>
References: <OE26Wd7KKQpQq5pneeF0000b932@hotmail.com>
	<20010813165603.B1119@ringworld.oblivion.bg>
X-Mailer: VM 6.95 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> > I'm kinda new to IPFW, and I was unable to figure this out by myself...
> > 
> > I want to block an I.P. range, say 192.168.0.1, with a netmask of
> > 255.255.0.0 ...
> > 
> > The rule I tried was this:
> > ipfw add deny log all from 192.168.0.1/16 to any via ed0
> 
> Try 192.168.0.0/16 - the bits that are zeroed in the netmask must be
> also zeroed in the address.

If so, then the ipfw parser is borken. :(

It *shouldn't* matter what the last two bytes in this case are, as it
doesn't matter to any of the other routing protocols.



Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message