From: Odhiambo WASHINGTON
To: freebsd-ipfw@freebsd.org
Date: Sun, 29 Oct 2006 13:27:48 +0300
Subject: Re: How do I do this with IPFW2?

* On 29/10/06 05:51 -0300, m0f0x wrote:
| On Sun, 29 Oct 2006 10:28:37 +0300
| Odhiambo WASHINGTON wrote:
|
| > * On 28/10/06 15:07 +0100, Joe Holden wrote:
| > | Odhiambo WASHINGTON wrote:
| > | > Here is my network definition, with two IP blocks.
| > | >
| > | > my_ip_blocks = "62.8.64.0/19 196.200.32.0/20"
| > | >
| > | > I'd like to do something like below:
| > | >
| > | > ipfw pipe 1 config bw 1024Kbit/s
| > | > ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
| > | >
| > | >
| > | > What I can't find is how to _correctly_ define my_ip_blocks
| > | > in the rule in a way ipfw2 will accept.
| > | >
| > |
| > | What release? I know the following will work in -CURRENT (Courtesy
| > | of the manual pages for IPFW):
| > |
| > | my_ip_blocks="62.8.64.0/19, 196.200.32.0/20"
| > | ipfw pipe 1 config bw 1024Kbit/s
| > | ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
| >
| >
| > Hi Joe,
| >
| > Yes, this really helped. After I removed the "{}" surrounding the
| > declaration of $my_ip_blocks, the pipe now behaves as expected.
| >
| > I am running IPFW2 (as I mentioned in the subject) on FreeBSD 6.2-PRE.
| >
| > I am wondering if this would be possible on IPFW2 built in FreeBSD
| > 4.11
|
| For 4.X systems:
|
| * Build a kernel with
| options IPFW2
|
| * Remake ipfw and libalias...
| cd /usr/src/sbin/ipfw
| make clean
| make -DIPFW2
| make -DIPFW2 install
|
| cd /usr/src/lib/libalias
| make clean
| make -DIPFW2
| make -DIPFW2 install
|
| Source:
| http://cvs.freebsd.uwaterloo.ca/twiki/bin/view/Freebsd/StatefulFirewalling

Wonderful! This works great. Thanks a heap!

-Wash

-- 
Odhiambo Washington
Wananchi Online Ltd. www.wananchi.com
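
The address-list form that resolved the thread (blocks joined by commas, no braces), as an added shell example that is not part of the original messages. The function names valid_cidr, ipfw_addr_list and smtp_pipe_rules are hypothetical, and the script only prints the ipfw commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread: validate IPv4 CIDR blocks and join
# them into the comma-separated address list used in the ipfw rule above.

# Return 0 if $1 is a well-formed IPv4 CIDR block (a.b.c.d/len).
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    # Prefix length: digits only, at most two of them, 0..32.
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Address: digits and dots only, no empty octets.
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Join validated blocks with commas; stray braces or quotes are rejected.
ipfw_addr_list() {
    list=
    for block in "$@"; do
        valid_cidr "$block" || { echo "bad block: $block" >&2; return 1; }
        list=${list:+$list,}$block
    done
    [ -n "$list" ] || return 1
    printf '%s\n' "$list"
}

# Print (do not execute) the pipe rules from the thread for these blocks.
smtp_pipe_rules() {
    blocks=$(ipfw_addr_list "$@") || return 1
    echo "ipfw pipe 1 config bw 1024Kbit/s"
    echo "ipfw add pipe 1 tcp from me to not $blocks 25"
}

smtp_pipe_rules 62.8.64.0/19 196.200.32.0/20
```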