Date: Tue, 28 May 2002 07:06:08 -0700 (PDT)
From: Chris Appleton <appleton_chris@yahoo.com>
To: Patrick O'Reilly <bsd@perimeter.co.za>, freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw range filter?
Message-ID: <20020528140608.56609.qmail@web14801.mail.yahoo.com>
In-Reply-To: <01c101c20631$2b107c20$b50d030a@PATRICK>

> > is it possible to filter a range of ip's with one rule?
> >
> > unfortunately i've got a c class and just have the one subnet so i
> > don't think i can use /x for instance. i could try and create proper
> > subnets, but of course want the quickie.
> >
> > i don't like having 60 rules for pop and smtp to hosted servers.
>
> Chris,
>
> The /x notation is specifically for subnets - so I'm sure you can do
> this.
>
> For example, if your subnet is 100.100.100.32 to 100.100.100.63, with a
> subnet mask of 255.255.255.224, then you could construct rules like
> this:
>
> ipfw add 100 allow tcp from any to 100.100.100.32/27 25 setup # smtp
> ipfw add 100 allow tcp from any to 100.100.100.32/27 110 setup # pop

that makes perfect sense but here's the catch. i'm using the full c
subnet, meaning all nodes are configured as 1.2.3.0/24 255.255.255.0.

what i'd like to do is segment/target say .230 - .254 (i know the #'s
don't add) out of the full class c i'm using. only do it at bsd, not go
around creating proper 'sub' subnets (lazy i guess). isolate a
block/segment of the whole subnet which i'm configured to use in a bsd
rule.

thanks for the interest all, please keep it comin'

chris
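
An added example, not part of the original message or thread: a range such as .230 - .254 that does not fall on one subnet boundary can still be covered by a short list of aligned address/mask blocks, each usable in a rule of the form quoted above. It assumes the firewall compares the packet's destination against the address/mask given in the rule regardless of the netmask configured on the hosts; the function names are hypothetical and 1.2.3.x is the placeholder network from the message.

```shell
#!/bin/sh
# Added example (not from the original thread): split an inclusive IPv4 range
# into the fewest aligned CIDR blocks and print one ipfw rule per block/port.
# Rules are only printed for review; nothing here invokes ipfw.

ip_to_int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {   # usage: range_to_cidrs FIRST_IP LAST_IP
    cur=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    [ "$cur" -le "$end" ] || { echo "range_to_cidrs: first > last" >&2; return 1; }
    while [ "$cur" -le "$end" ]; do
        # Start from a single host (/32) and double the block while it stays
        # aligned on its own size and does not run past the end of the range.
        size=1; prefix=32
        while [ "$prefix" -gt 0 ] &&
              [ $(( cur % (size * 2) )) -eq 0 ] &&
              [ $(( cur + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); prefix=$(( prefix - 1 ))
        done
        echo "$(int_to_ip "$cur")/$prefix"
        cur=$(( cur + size ))
    done
}

emit_rules() {   # usage: emit_rules RULE_NUM FIRST_IP LAST_IP PORT...
    num=$1 first=$2 last=$3; shift 3
    blocks=$(range_to_cidrs "$first" "$last") || return 1
    for block in $blocks; do
        for port in "$@"; do
            echo "ipfw add $num allow tcp from any to $block $port setup"
        done
    done
}

# Constructed input: the .230 - .254 slice of the placeholder 1.2.3.0/24 network.
emit_rules 100 1.2.3.230 1.2.3.254 25 110
```

For .230 - .254 this yields six blocks, so twelve rules for the two ports; a range that starts and ends on a subnet boundary collapses to a single block.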