From owner-freebsd-questions Tue May 28 7:52: 2 2002
Date: Tue, 28 May 2002 15:51:42 +0100
From: Daniel Bye
To: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw range filter?
Reply-To: dan@slightlystrange.org

On Tue, May 28, 2002 at 04:32:36PM +0200, Patrick O'Reilly wrote:
> ----- Original Message -----
> From: "Chris Appleton"
> >
> > that makes perfect sense but here's the catch. i'm using the full c
> > subnet, meaning all nodes are configured as 1.2.3.0/24 255.255.255.0.
> >
> > what i'd like to do is segment/target say .230 - .254 (i know the #'s
> > don't add) out of the full class c i'm using. only do it at bsd, not
> > go around creating proper 'sub' subnets (lazy i guess).
> >
> > isolate a block/segment of the whole subnet which i'm configured to use
> > in a bsd rule.
>
> You can create a rule like this:
>
> ipfw add 123 allow tcp from any to 1.2.3.240/28 25 setup
>
> Even though your subnet is a /24, this rule will work to single out the
> range of addresses from 1.2.3.240 through 1.2.3.255. So, if you can
> set up blocks which match the way IP subnets normally work, you can do
> it. I don't know of a way to list an arbitrary range of IPs in one ipfw
> rule.
>
> I guess what you want is something like this:
>
> ipfw add 123 allow tcp from any to 1.2.3.230-1.2.3.254 25 setup
>
> But the ipfw syntax does not support such a construct (AFAIK).

If you're using 4.5, though, you can use a preprocessor to parse
additional config files, such as lists of IP addresses etc. It's not a
feature I have yet needed to use, though, so can't offer any practical
assistance or advice. I guess the external files' syntax will be
informed by the preprocessor you choose. There is a little more about
it in man 8 ipfw

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
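
Added example, not part of the original message: one way to get the .230 - .254 range discussed above into ipfw is to split it into the exact set of CIDR blocks that cover it and emit one rule per block, so no address outside the range is opened. The function names are hypothetical; the rule number 123 and port 25 are taken from the rule quoted in the thread.

```python
#!/usr/bin/env python3
"""Cover an arbitrary IPv4 range with CIDR blocks and print one ipfw rule per block."""
import ipaddress


def range_to_cidrs(first, last):
    """Return the shortest list of IPv4Network blocks covering first..last inclusive."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    blocks = []
    while lo <= hi:
        # A block must start on a multiple of its own size, so the lowest
        # set bit of lo caps the size (address 0 is aligned for any size).
        align = lo & -lo if lo else 1 << 32
        # It must also not run past hi: largest power of two <= remaining count.
        fit = 1 << ((hi - lo + 1).bit_length() - 1)
        size = min(align, fit)
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks


def ipfw_rules(first, last, rule_no=123, port=25):
    """Build rules in the form used in the thread, one per CIDR block.

    rule_no and port default to the thread's values (123, 25). ipfw allows
    several rules to share one number, so all blocks can be removed together.
    """
    return [
        f"ipfw add {rule_no} allow tcp from any to {net} {port} setup"
        for net in range_to_cidrs(first, last)
    ]


if __name__ == "__main__":
    # The range asked about in the thread: 1.2.3.230 through 1.2.3.254.
    for rule in ipfw_rules("1.2.3.230", "1.2.3.254"):
        print(rule)
```

For 1.2.3.230 through 1.2.3.254 this yields six rules; the aligned range 1.2.3.240 through 1.2.3.255 collapses to the single /28 rule quoted in the thread.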