Date:      Thu, 14 Aug 2014 18:15:36 +0200
From:      Willem Jan Withagen <wjw@digiware.nl>
To:        "Alexander V. Chernikov" <melifaro@yandex-team.ru>,  Luigi Rizzo <rizzo@iet.unipi.it>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Luigi Rizzo <luigi@freebsd.org>, freebsd-ipfw <freebsd-ipfw@freebsd.org>, "Andrey V. Elsukov" <ae@freebsd.org>
Subject:   Re: [CFT] new tables for ipfw
Message-ID:  <53ECE0A8.7010705@digiware.nl>
In-Reply-To: <53ECD3DA.6060501@yandex-team.ru>
References:  <53EBC687.9050503@yandex-team.ru> <CA%2BhQ2%2Bg=A_rLHCVpBqn0AtFLu_gNGtzbmXvc-7JhpLqPSWw44A@mail.gmail.com> <53EC880B.3020903@yandex-team.ru> <CA%2BhQ2%2BiPPhy47eN0=KaSYBaNMdObY20yko7dRY1MMuP_mfnmOQ@mail.gmail.com> <53EC960A.1030603@yandex-team.ru> <CA%2BhQ2%2BgxVYmXb%2BHOw4qUm6tykmEvBRkrV0RhZsnC6B08FLKvdA@mail.gmail.com> <53ECA6B2.8010003@digiware.nl> <53ECD3DA.6060501@yandex-team.ru>

On 14-8-2014 17:20, Alexander V. Chernikov wrote:
>> I've found the notation ipnr:something rather frustrating when using
>> ipv6 addresses. Sort of like typing an ipv6 address in a browser, the
>> last :xx is always interpreted as portnumber, UNLESS you wrap it in []'s.
>> compare
>>     2001:4cb8:3:1::1
>>     2001:4cb8:3:1::1:80
>>     [2001:4cb8:3:1::1]:80
>> The first and the last are the same host but a different port, the
>> middle one is just a different host.
>>
>> Could/should we do the same in ipfw?
> Well, we should, but I'm unsure if we have host:port notation anywhere
> in current (or new) syntax:

I now remember the case, sort of I think:
When using an IPv6 address the last time I ran into the snag with:
(From the ipfw(8) manual)
 ip-addr:
     ....
     addr:mask
            Matches all addresses with base addr (specified as an IP
            address, a network number, or a hostname) and the mask of
            mask, specified as a dotted quad.  As an example,
            1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match
            1.*.3.*.  This form is advised only for non-contiguous
            masks.  It is better to resort to the addr/masklen format
            for contiguous masks, which is more compact and less

Which tried to use the last quad of an IPv6 address in a very convoluted
case, which I cannot reproduce any longer.

Reading the manual, one of my problems is now clearly a RTFM:
	how to use ftp-data in a rule without the complaint that data
	is not a valid port-name. :)
again something learned.

--WjW
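
The bracket convention discussed in the message above, as an added example that is not part of the original e-mail and is not ipfw code: a hypothetical `split_host_port()` helper that treats an unbracketed string that parses as IPv6 as address only, and accepts a port on an IPv6 host only in `[addr]:port` form.

```c
/* Added example, not ipfw code: split_host_port() is a hypothetical helper. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Split "host", "host:port" or "[v6addr]:port". Returns 0 on success and
 * -1 on malformed input; *port is -1 when no port was given. */
int split_host_port(const char *in, char *host, size_t hostlen, int *port)
{
    struct in6_addr a6;
    const char *h = in, *p = NULL, *c;  /* h: host start, p: port digits */
    int bracketed = (in[0] == '[');
    size_t n;

    *port = -1;
    if (bracketed) {                    /* [v6addr] or [v6addr]:port */
        if ((c = strchr(in, ']')) == NULL)
            return -1;
        h = in + 1;
        n = (size_t)(c - h);
        if (c[1] == ':')
            p = c + 2;
        else if (c[1] != '\0')
            return -1;
    } else if (inet_pton(AF_INET6, in, &a6) == 1) {
        n = strlen(in);                 /* bare v6: every ':' is address */
    } else if ((c = strrchr(in, ':')) != NULL) {
        n = (size_t)(c - in);           /* v4 or name: last ':' starts port */
        p = c + 1;
    } else {
        n = strlen(in);                 /* v4 or name without a port */
    }
    if (n == 0 || n >= hostlen)
        return -1;
    memcpy(host, h, n);
    host[n] = '\0';
    if (bracketed && inet_pton(AF_INET6, host, &a6) != 1)
        return -1;                      /* brackets must hold a v6 address */
    if (!bracketed && p != NULL && strchr(host, ':') != NULL)
        return -1;                      /* v6 with a port needs brackets */
    if (p != NULL) {
        char *e;
        long v = strtol(p, &e, 10);
        if (!isdigit((unsigned char)*p) || *e != '\0' || v < 1 || v > 65535)
            return -1;
        *port = (int)v;
    }
    return 0;
}
```

With the three addresses from the message, the first two come back as hosts with no port and only the bracketed form yields port 80.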