Date: Wed, 09 Mar 2005 11:15:59 -0500
From: Darek Milewski <darek@nyi.net>
To: freebsd-questions@freebsd.org
Subject: ipfw IP ranges
Message-ID: <422F213F.7000407@nyi.net>

Hi there,
Trying to specify IP ranges in ipfw. The man page is pretty brief in
this respect, but I understand that I should be able to specify
    allow tcp from any to 1.2.3.0/25{14-24} 3389
which should apply the rule to IP block of 1.2.3.14 through 1.2.3.24.
However, I was just closing down 1.2.3.127 and noticed that a port that
was closed was accessible. Turns out the rule above was matching
traffic going to 1.2.3.127:3389.
When running 'ipfw show' the allow from above is listed as
    allow tcp from any to 1.2.3.0/25 3389
So it looks like my original syntax enabled the rule for the whole /25
subnet. Am I doing this wrong? If so, how can I specify ranges
explicitly, meaning not using smaller subnets. IE: 1.2.3.14-27 instead
of 1.2.3.14/28, which would not be very precise of a match. Perhaps I
should be using /24 instead of /25?
Thanks!
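
Added example, not part of the original message: a scope check that compares the rule as 'ipfw show' lists it (1.2.3.0/25) with the intended range 1.2.3.14 through 1.2.3.24, and computes the exact CIDR blocks that cover only that range. The function names are hypothetical, and expressing the range as several plain CIDR destinations is an assumption of this example.

```python
import ipaddress

MAX_ADDRESSES = 65536  # assumption: refuse to enumerate very large networks


def audit_rule_scope(effective_cidr, first, last):
    """Return (unintended_addresses, exact_cidr_cover).

    effective_cidr: destination as the loaded rule actually shows it.
    first, last:    the inclusive range the rule was meant to match.
    """
    net = ipaddress.ip_network(effective_cidr)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    if lo not in net or hi not in net:
        raise ValueError("intended range is not inside the effective network")
    if net.num_addresses > MAX_ADDRESSES:
        raise ValueError("network too large to enumerate")
    # Iterating a network yields every address it matches, including the
    # first and last ones, which is what a packet filter compares against.
    unintended = [a for a in net if not (lo <= a <= hi)]
    # Smallest list of CIDR blocks that covers lo..hi and nothing else.
    exact = list(ipaddress.summarize_address_range(lo, hi))
    return unintended, exact


def rule_bodies(cidrs, port):
    """Format one rule body per CIDR block, in the form used in the message."""
    return [f"allow tcp from any to {c} {port}" for c in cidrs]


if __name__ == "__main__":
    # Values taken from the message above.
    extra, cover = audit_rule_scope("1.2.3.0/25", "1.2.3.14", "1.2.3.24")
    print(f"{len(extra)} addresses matched beyond the intended range")
    print("1.2.3.127 matched:", ipaddress.ip_address("1.2.3.127") in extra)
    for body in rule_bodies(cover, 3389):
        print(body)
```

Running the same comparison against the 'ipfw show' output after every ruleset change catches a destination that was loaded wider than it was written.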
