From: "Vasenin Alexander aka BlackSir"
To: "Jack L. Stone", "Luigi Rizzo", "Don Bowman"
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 6 Feb 2004 22:59:03 +0300
Subject: RE: Syntax to block 38 IPs
In-Reply-To: <3.0.5.32.20040206125411.01e841f0@10.0.0.15>
List-Id: IPFW Technical Discussions

To upgrade to IPFW2 you need to recompile the kernel with the IPFW2 option,
and recompile the 'libalias' library and the 'ipfw' control program.
man ipfw would help.
I'm not sure, but I suppose IPFW2 isn't marked STABLE for 4.x.

With ipfw1 there are 2 ways to solve your problem:
1. Just add 38 lines to your rule list and forget about it
2. Block the whole /24 networks:
	ipfw add deny ip from 209.102.202.0/24 to any
	ipfw add deny ip from 65.194.51.0/24 to any

> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org
> [mailto:owner-freebsd-ipfw@freebsd.org]On Behalf Of Jack L. Stone
> Sent: Friday, February 06, 2004 9:54 PM
> To: Luigi Rizzo; Don Bowman
> Cc: freebsd-ipfw@freebsd.org
> Subject: Re: Syntax to block 38 IPs
>
>
> TopPost:
> Thanks for the quick responses.
>
> So, I gather under IPFW(#1), it's either 38 lines or upgrade to IPFW2
>
> I haven't had time to study IPFW2 too well, although I know how
> to upgrade.
> A follow-up question is that, if I do upgrade, will IPFW2 still use my old
> rules until I can get around to tuning/tweaking...??
>
> At 10:13 AM 2.6.2004 -0800, Luigi Rizzo wrote:
> >On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
> >...
> >> deny ip from { 209.102.202.131, 209.102.202.132, ...} to any
> >
> >this is still inefficient. Better to use
> >
> >	deny ip from 209.102.202.0/24{131,132,157,190,1,86} ...
> >
> >which uses a bitmap to represent the list of hosts and has constant
> >processing time as opposed to having to scan a list.
> >
> >	cheers
> >	luigi
> >
> >> this uses IPFW2 I think.
> >>
> >> from the shell, remember to escape the { as \{.
> >>
> >> you could also send a RST i suppose, but just dropping it is
> >> best.
> >>
> >> _______________________________________________
> >> freebsd-ipfw@freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> >
> >
>
> Best regards,
> Jack L. Stone,
> Administrator
>
> Sage American
> http://www.sage-american.com
> jacks@sage-american.com
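The address-set form from Luigi's reply, generated from a host list: this is an added example, not code from anyone in the thread. It groups hosts by /24 and prints one ipfw2 rule per network without running ipfw; the function names and the 192.0.2.x hosts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build ipfw2 address-set rules,
# one per /24, from a host list on stdin. Prints commands; runs nothing.

gen_rules() {
    # 1) keep only valid dotted quads, normalised (drops "bogus", 1.2.3.999)
    awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
             $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
                 printf "%d.%d.%d.%d\n", $1, $2, $3, $4 }' |
    # 2) numeric sort makes each /24 contiguous; -u removes duplicates
    sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u |
    # 3) collect the last bytes of each /24 into one {..} set
    awk -F. -v q="'" '
        function emit() {
            if (net != "")
                printf "ipfw add deny ip from %s%s.0/24{%s}%s to any\n", q, net, hosts, q
        }
        {
            cur = $1 "." $2 "." $3
            if (cur != net) { emit(); net = cur; hosts = $4 }
            else hosts = hosts "," $4
        }
        END { emit() }'
}

# Constructed sample: the six hosts from Luigi's rule plus two made-up
# hosts in 192.0.2.0/24 (documentation range), a duplicate and a bad line.
sample_hosts() {
    printf '%s\n' 209.102.202.131 209.102.202.132 209.102.202.157 \
        209.102.202.190 209.102.202.1 209.102.202.86 \
        192.0.2.7 192.0.2.20 209.102.202.131 not-an-ip
}

sample_hosts | gen_rules
```

The single quotes in the printed commands serve the purpose of Don's note about escaping `{`: they stop a shell with brace expansion from splitting the set into separate words.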