Date: Fri, 6 Feb 2004 12:38:33 +0200 From: Peter Pentchev <roam@ringlet.net> To: Alex <tmp@tern.ru> Cc: freebsd-security@freebsd.org Subject: Re: ipfw question Message-ID: <20040206103833.GD4848@straylight.m.ringlet.net> In-Reply-To: <614479869.20040206131706@tern.ru> References: <614479869.20040206131706@tern.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--hOcCNbCCxyk/YU74
Content-Type: text/plain; charset=windows-1251
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Feb 06, 2004 at 01:17:06PM +0300, freebsd@tern.ru wrote:
> Dear All.
>=20
> I want to use 'not' for 2 addresses (for both) in ipfw2 rule.
> The only way that looks like what I need is
>=20
> # ipfw add count from IP1 to not IP2,IP3
>=20
> But does this rule indeed makes what I want? Does it count all
> packets destined to addresses other then IP2 AND IP3?!
>=20
> No other syntax works.
> For example more logically correct
> not IP2 AND not IP3
> or even
> not { IP2 or IP3 }
> are understood by ipfw2
Could you try
ipfw add count from IP1 to not { IP2,IP3 }
G'luck,
Peter
--=20
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If I had finished this sentence,
--hOcCNbCCxyk/YU74
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAI26p7Ri2jRYZRVMRAl34AJ40qLbrb7KzFPa/z9MUFYLMy6/6xQCfbCwe
EnmffqdUJ+EAD5dt4r8/WRY=
=9pEN
-----END PGP SIGNATURE-----
--hOcCNbCCxyk/YU74--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040206103833.GD4848>