Date: Tue, 06 May 2008 12:59:57 +0400 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: budsz <budiyt@gmail.com> Cc: freebsd-ipfw@FreeBSD.org Subject: Re: Syntax base IP Message-ID: <48201E0D.60803@yandex.ru> In-Reply-To: <4d4dc3640805040840t5725fb4ejfd19da3c3f78ec73@mail.gmail.com> References: <4d4dc3640805040840t5725fb4ejfd19da3c3f78ec73@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
budsz wrote:
> ipunlimit="192.168.0.100/32,10.35.4.1/32,202.129.189.42/32,\
> 202.129.189.45/32,125.163.77.180/32,202.43.167.70/32,\
> 202.43.167.72/32,202.43.161.119/32,202.10.32.10/32,202.93.20.22/32,\
> 202.93.20.23/32,202.93.20.24/32,122.102.49.132/32,\
> 202.43.161.124/32,202.93.247.26/32,202.93.247.28/32"
> ${fwcmd} add 100 pipe 1 ip from ${ippriviix} to { not ${ipunlimit} }
> ${portlim} via ${ifint0}
> ${fwcmd} add 101 pipe 1 ip from { not ${ipunlimit} } ${portlim} to
> ${ippriviix} via ${ifint0}
> Executing firewall I got error message like this:
> #sh /etc/rc.firewall
> ipfw: opcode 6 size 33 wrong
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> ipfw: opcode 2 size 33 wrong
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
It means that your src and dst addresses are too long.
> Any clue or suggestion about this syntax?
Try to use lookup tables.
--
WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48201E0D.60803>