Date: Wed, 02 May 2007 18:48:54 -0400
From: Steve Bertrand <iaccounts@ibctech.ca>
To: Tun Eler <tuneler@bsdmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: IP FILTER and network address
Message-ID: <46391556.6070108@ibctech.ca>
In-Reply-To: <20070502205030.DD658CA0A4@ws5-11.us4.outblaze.com>
References: <20070502202911.01FDD7AEB8@ws5-10.us4.outblaze.com> <20070502205030.DD658CA0A4@ws5-11.us4.outblaze.com>

Tun Eler wrote:
>> Appending your IP with /8 ends you up with two rules that essentially
>> look like this (AFAIK):
>>
>> pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22
>> flags S keep state
>>
>
> Oh, of course. I was applying the rule in the wrong direction, from the right to the left. Silly :-)

I don't quite know what you mean, but /32 is the single (host) IP, much like:

192.168.1.3/24 == 192.168.1.1 - 192.168.1.254 (entire 192.168.1 network)

and:

172.16.28.18/16 == 172.16.0.1 - 172.16.255.254 (entire 172.16 network)

...what you had was the entire 217. network ;)

Appending a /32 to an address means this address, and only this address.

Regards,

Steve
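
The prefix-length point made in this message, as an added example (not part of the original e-mail and not IP Filter code): a Python script that expands each address/prefix operand of a rule to the network it actually matches and flags operands that name a host but carry a shorter mask. The host address 217.10.20.30 and the names audit_rule and ADDR_RE are constructed for illustration.

```python
import ipaddress
import re

# Matches the address/prefix operand after "from" or "to" in an ipf rule.
ADDR_RE = re.compile(r"\b(from|to)\s+(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")

def audit_rule(rule):
    """Return one finding per from/to operand written as address/prefix."""
    findings = []
    for keyword, addr, plen in ADDR_RE.findall(rule):
        try:
            iface = ipaddress.ip_interface(f"{addr}/{plen}")
        except ValueError:
            continue  # not a valid IPv4 address or prefix length
        net = iface.network
        findings.append({
            "keyword": keyword,
            "written": f"{addr}/{plen}",
            "matches": str(net),          # what the filter really compares against
            "first": str(net[0]),
            "last": str(net[-1]),
            "addresses": net.num_addresses,
            # Host bits set below the mask: a single host was written, but
            # the rule admits every address in the surrounding network.
            "host_bits_set": iface.ip != net.network_address,
        })
    return findings

if __name__ == "__main__":
    # Constructed sample rules in the style of the one quoted in the message.
    rules = [
        "pass in quick on $oif proto tcp from 217.10.20.30/8 to $myip port = 22 flags S keep state",
        "pass in quick on $oif proto tcp from 217.10.20.30/32 to $myip port = 22 flags S keep state",
        "pass in quick on $oif proto tcp from 172.16.28.18/16 to $myip port = 22 flags S keep state",
    ]
    for rule in rules:
        for f in audit_rule(rule):
            note = "  <-- host written with a network mask; /32 matches only it" if f["host_bits_set"] else ""
            print(f'{f["keyword"]} {f["written"]}: {f["matches"]} '
                  f'({f["first"]} - {f["last"]}, {f["addresses"]} addresses){note}')
```

The reported range includes the network and broadcast addresses, since a packet filter compares masked bits rather than usable host addresses.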