Delivered-To: freebsd-questions@freebsd.org
From: "Patrick O'Reilly"
To: "Chris Appleton"
Subject: Re: ipfw range filter?
Date: Tue, 28 May 2002 16:32:36 +0200

----- Original Message -----
From: "Chris Appleton"

> that makes perfect sense but here's the catch. i'm using the full c
> subnet, meaning all nodes are configured as 1.2.3.0/24 255.255.255.0.
>
> what i'd like to do is segment/target say .230 - .254 (i know the #'s
> don't add) out of the full class c i'm using. only do it at bsd, not
> go around creating proper 'sub' subnets (lazy i guess).
>
> isolate a block/segment of the whole subnet which i'm configured to use
> in a bsd rule.

You can create a rule like this:

    ipfw add 123 allow tcp from any to 1.2.3.240/28 25 setup

Even though your subnet is a /24, this rule will work to single out the
range of addresses from 1.2.3.240 through 1.2.3.255. So, if you can set up
blocks which match the way IP subnets normally work, you can do it.

I don't know of a way to list an arbitrary range of IPs in one ipfw rule.
I guess what you want is something like this:

    ipfw add 123 allow tcp from any to 1.2.3.230-1.2.3.254 25 setup

But the ipfw syntax does not support such a construct (AFAIK).

Regards,
Patrick O'Reilly.
http://www.perimeter.co.za
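
The reply's advice, to express the range as blocks that fall on normal subnet boundaries, can be done mechanically. The script below is an added example, not part of the original message: it splits an arbitrary first-last range into the smallest set of aligned CIDR blocks and prints one rule per block in the form used above. The function names are hypothetical, and the rule number 123 and port 25 are taken from the message.

```shell
#!/bin/sh
# Added example: cover an IPv4 range with aligned CIDR blocks for ipfw.
# It only prints rules; nothing is loaded into the firewall.

# Dotted quad -> 32-bit integer (runs in a subshell when called via $(...)).
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST: print the minimal list of CIDR blocks.
range_to_cidrs() {
    cur=$(ip2int "$1"); end=$(ip2int "$2")
    while [ "$cur" -le "$end" ]; do
        size=1; len=32
        # Double the block while cur stays aligned to the doubled size
        # and the doubled block does not run past the end of the range.
        while [ "$len" -gt 0 ] \
              && [ $(( cur % (size * 2) )) -eq 0 ] \
              && [ $(( cur + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); len=$(( len - 1 ))
        done
        echo "$(int2ip "$cur")/$len"
        cur=$(( cur + size ))
    done
}

# ipfw_rules RULENUM FIRST LAST PORT: one allow rule per block.
ipfw_rules() {
    range_to_cidrs "$2" "$3" | while read -r cidr; do
        echo "ipfw add $1 allow tcp from any to $cidr $4 setup"
    done
}

# The range asked about in the thread: .230 through .254 of 1.2.3.0/24.
ipfw_rules 123 1.2.3.230 1.2.3.254 25
```

For .230 through .254 this yields six blocks (/31, /29, /29, /30, /31, /32), while 1.2.3.240 through 1.2.3.255 collapses to the single /28 used in the reply's rule.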