From: Darek Milewski
Date: Wed, 09 Mar 2005 11:15:59 -0500
To: freebsd-questions@freebsd.org
Subject: ipfw IP ranges
Message-ID: <422F213F.7000407@nyi.net>

Hi there,

trying to specify IP ranges in ipfw. The man page is pretty brief in this respect, but I understand that I should be able to specify

    allow tcp from any to 1.2.3.0/25{14-24} 3389

which should apply the rule to IP block of 1.2.3.14 through 1.2.3.24. However, I was just closing down 1.2.3.127 and noticed that a port that was closed was accessible. Turns out the rule above was matching traffic going to 1.2.3.127:3389. When running 'ipfw show' the allow from above is listed as

    allow tcp from any to 1.2.3.0/25 3389

So it looks like my original syntax enabled the rule for the whole /25 subnet.

Am I doing this wrong? If so, how can I specify ranges explicitly, meaning not using smaller subnets. IE: 1.2.3.14-27 instead of 1.2.3.14/28, which would not be very precise of a match. Perhaps I should be using /24 instead of /25?

Thanks!
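
Added example (not part of the original post, and not ipfw's own code): a Python check of which addresses the rule as listed by 'ipfw show' matches beyond the intended 1.2.3.14 through 1.2.3.24, plus the exact CIDR blocks that cover only that range. The function names are hypothetical, and the rule string is copied from the post as sample input.

```python
import ipaddress

# Rule text as the post says 'ipfw show' listed it (constructed sample input).
SHOWN_RULE = "allow tcp from any to 1.2.3.0/25 3389"
INTENDED = ("1.2.3.14", "1.2.3.24")  # range the poster meant to open


def dest_of(rule):
    """Return the destination address token that follows 'to' in a rule body."""
    tokens = rule.split()
    return tokens[tokens.index("to") + 1]


def excess_addresses(dest, first, last):
    """Addresses matched by CIDR `dest` that fall outside first..last."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    net = ipaddress.ip_network(dest, strict=False)
    return [str(a) for a in net if not lo <= int(a) <= hi]


def range_to_cidrs(first, last):
    """Smallest set of CIDR blocks covering exactly first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


def exact_rules(rule, first, last):
    """Rewrite one rule body into one rule per exact CIDR block."""
    dest = dest_of(rule)
    return [rule.replace(dest, cidr, 1) for cidr in range_to_cidrs(first, last)]


if __name__ == "__main__":
    extra = excess_addresses(dest_of(SHOWN_RULE), *INTENDED)
    print(f"{len(extra)} unintended addresses matched, e.g. {extra[-1]}")
    for r in exact_rules(SHOWN_RULE, *INTENDED):
        print(r)
```

Running the same comparison against the output of 'ipfw show' after every rule change catches a rule that was stored more broadly than it was typed.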