Date: Sun, 29 Oct 2006 13:27:48 +0300 From: Odhiambo WASHINGTON <odhiambo.raburu@wananchi.com> To: freebsd-ipfw@freebsd.org Subject: Re: How do I do this with IPFW2? Message-ID: <20061029102748.GA98258@ns2.wananchi.com> In-Reply-To: <20061029055143.ec488ca0.el.mofo@uol.com.br> References: <20061028121914.GA79793@ns2.wananchi.com> <4543640E.1060808@joeholden.co.uk> <20061029072837.GG59725@ns2.wananchi.com> <20061029055143.ec488ca0.el.mofo@uol.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
* On 29/10/06 05:51 -0300, m0f0x wrote:
| On Sun, 29 Oct 2006 10:28:37 +0300
| Odhiambo WASHINGTON <odhiambo.raburu@wananchi.com> wrote:
|
| > * On 28/10/06 15:07 +0100, Joe Holden wrote:
| > | Odhiambo WASHINGTON wrote:
| > | > Here is my network definition, with two IP blocks.
| > | >
| > | > my_ip_blocks = "62.8.64.0/19 196.200.32.0/20"
| > | >
| > | > I'd like to do something like below:
| > | >
| > | > ipfw pipe 1 config bw 1024Kbit/s
| > | > ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
| > | >
| > | >
| > | > What I can't find is how to _correctly_ define my_ip_blocks
| > | > in the rule in a way ipfw2 will accept.
| > | >
| > |
| > | What release? I know the following will work in -CURRENT (Courtesy
| > | of the manual pages for IPFW):
| > |
| > | my_ip_blocks="62.8.64.0/19, 196.200.32.0/20"
| > | ipfw pipe 1 config bw 1024Kbit/s
| > | ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
| >
| >
| > Hi Joe,
| >
| > Yes, this really helped. After I removed the "{}" surrounding the
| > declaration of $my_ip_blocks, the pipe now behaves as expected.
| >
| > I am running IPFW2 (as I mentioned in the subject) on FreeBSD 6.2-PRE.
| >
| > I am wondering if this would be possible on IPFW2 built in FreeBSD
| > 4.11
| For 4.X systems:
|
| * Build a kernel with
| options IPFW2
|
| * Remake ipfw and libalias...
| cd /usr/src/sbin/ipfw
| make clean
| make -DIPFW2
| make -DIPFW2 install
|
| cd /usr/src/lib/libalias
| make clean
| make -DIPFW2
| make -DIPFW2 install
|
| Source:
| http://cvs.freebsd.uwaterloo.ca/twiki/bin/view/Freebsd/StatefulFirewalling
Wonderful! This works great.
Thanks a heap!
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wash@wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
Seleznick's Theory of Holistic Medicine:
Ice Cream cures all ills.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061029102748.GA98258>