Date:      Wed, 15 Jan 1997 11:14:32 -0800 (PST)
From:      "Eric J. Schwertfeger" <ejs@bfd.com>
To:        Nate Williams <nate@mt.sri.com>
Cc:        phk@FreeBSD.ORG, current@FreeBSD.ORG
Subject:   Re: ipfw cannot do this...
Message-ID:  <Pine.BSF.3.95.970115111042.1500L-100000@harlie>
In-Reply-To: <199701151643.JAA05590@rocky.mt.sri.com>



On Wed, 15 Jan 1997, Nate Williams wrote:

> > I just found out one thing we need in ipfw, the ability to inverse the
> > sense of a rule:
> > 
> > ipfw add deny not ip from 140.145.0.0 to any via ed0
> > ipfw add deny not ip from any to 140.145.0.0 via ed1
> >               ^^^
> > ipfw add allow tcp from any to any 23
> > ipfw add allow tcp from any to any 25
> > ...
> > 
> > any takers ?
> 
> I'm not sure I follow what you want.  What exactly are you trying to do?

As someone that wants something like this, I think I can answer.  Quite a
few times, I've wanted to deny everything but a certain address range, and
then further restrict that address range.

Actually, what I really want is an ipfw add skip XXX ... where if
something matches the rule, skip all other rules below XXX (yes, I always
number my rules:-)




