Date: Sun, 29 Oct 2006 05:51:43 -0300 From: m0f0x <el.mofo@uol.com.br> To: freebsd-ipfw@freebsd.org Subject: Re: How do I do this with IPFW2? Message-ID: <20061029055143.ec488ca0.el.mofo@uol.com.br> In-Reply-To: <20061029072837.GG59725@ns2.wananchi.com> References: <20061028121914.GA79793@ns2.wananchi.com> <4543640E.1060808@joeholden.co.uk> <20061029072837.GG59725@ns2.wananchi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 29 Oct 2006 10:28:37 +0300
Odhiambo WASHINGTON <odhiambo.raburu@wananchi.com> wrote:
> * On 28/10/06 15:07 +0100, Joe Holden wrote:
> | Odhiambo WASHINGTON wrote:
> | > Here is my network definition, with two IP blocks.
> | >
> | > my_ip_blocks = "62.8.64.0/19 196.200.32.0/20"
> | >
> | > I'd like to do something like below:
> | >
> | > ipfw pipe 1 config bw 1024Kbit/s
> | > ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
> | >
> | >
> | > What I can't find is how to _correctly_ define my_ip_blocks
> | > in the rule in a way ipfw2 will accept.
> | >
> |
> | What release? I know the following will work in -CURRENT (Courtesy
> | of the manual pages for IPFW):
> |
> | my_ip_blocks="62.8.64.0/19, 196.200.32.0/20"
> | ipfw pipe 1 config bw 1024Kbit/s
> | ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
>
>
> Hi Joe,
>
> Yes, this really helped. After I removed the "{}" surrounding the
> declaration of $my_ip_blocks, the pipe now behaves as expected.
>
> I am running IPFW2 (as I mentioned in the subject) on FreeBSD 6.2-PRE.
>
> I am wondering if this would be possible on IPFW2 built in FreeBSD
> 4.11
For 4.X systems:
* Build a kernel with
options IPFW2
* Remake ipfw and libalias...
cd /usr/src/sbin/ipfw
make clean
make -DIPFW2
make -DIPFW2 install
cd /usr/src/lib/libalias
make clean
make -DIPFW2
make -DIPFW2 install
Source:
http://cvs.freebsd.uwaterloo.ca/twiki/bin/view/Freebsd/StatefulFirewalling
>
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> DISCLAIMER: See http://www.wananchi.com/bms/terms.php
>
> --
> +======================================================================
> +
> |\ _,,,---,,_ | Odhiambo Washington
> |<wash@wananchi.com>
> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
> |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
> '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
> +======================================================================
> +
>
> The law will never make men free; it is men who have got to make the
> law free.
> -- Henry David Thoreau
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061029055143.ec488ca0.el.mofo>