From owner-freebsd-ipfw@FreeBSD.ORG Sun May 4 16:07:59 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D4121065676 for ; Sun, 4 May 2008 16:07:59 +0000 (UTC) (envelope-from budiyt@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179]) by mx1.freebsd.org (Postfix) with ESMTP id 0DBA28FC12 for ; Sun, 4 May 2008 16:07:58 +0000 (UTC) (envelope-from budiyt@gmail.com) Received: by wa-out-1112.google.com with SMTP id j4so250319wah.3 for ; Sun, 04 May 2008 09:07:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=40cXzaGxBU9XGh6xRpEqbQshLnPE3EYipn0eCa2e/VQ=; b=YxNFXWZ/i+LdEcVVTlkW8YLUMv49zzn/bm4vlHPYIGZQSh324bNwrabOMuYoHF6OtqqG15gzHen/pXnyqYrgtaQvTwtoKfKN4Iet1of+WAoKfeuGpzhcMKuLvA/lKgDNOFz/elALs7dNBII40pQzzyXTlVuoD32A9T1QLzyTnPw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=qN+w7HS4n/VFoMlol9msEHNkoezKTec/f72YG/6x7NxO09c7eVPZgGj1GCYWv7D8riFWpHXS4oF1ziCPicqhacK3tCdIba1JLZBa6Jf5LKFsl5oZUtz2lT2ol4NZZHgRpNLOTiaxSO5j7GXr+yepH1jXC3AT5ha/aLveY0cNZQo= Received: by 10.114.171.1 with SMTP id t1mr4826384wae.83.1209915624050; Sun, 04 May 2008 08:40:24 -0700 (PDT) Received: by 10.114.131.6 with HTTP; Sun, 4 May 2008 08:40:24 -0700 (PDT) Message-ID: <4d4dc3640805040840t5725fb4ejfd19da3c3f78ec73@mail.gmail.com> Date: Sun, 4 May 2008 22:40:24 +0700 From: budsz To: freebsd-ipfw@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: Syntax base IP X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 May 2008 16:07:59 -0000 Hallo, I've rule in /etc/rc.firewall like this: ifint0="rl0" ippriviix="192.168.0.0/24" ipunlimit="192.168.0.100/32,10.35.4.1/32,202.129.189.42/32,\ 202.129.189.45/32,125.163.77.180/32,202.43.167.70/32,\ 202.43.167.72/32,202.43.161.119/32,202.10.32.10/32,202.93.20.22/32,\ 202.93.20.23/32,202.93.20.24/32,122.102.49.132/32,\ 202.43.161.124/32,202.93.247.26/32,202.93.247.28/32" portlim="20-21,80,88,443,2009,8080,8088,10007,18755" bwunlimit="197Kbit/s" ${fwcmd} add 100 pipe 1 ip from ${ippriviix} to { not ${ipunlimit} } ${portlim} via ${ifint0} ${fwcmd} add 101 pipe 1 ip from { not ${ipunlimit} } ${portlim} to ${ippriviix} via ${ifint0} ${fwcmd} pipe 1 config bw ${bwunlimit} Executing firewall I got error message like this: #sh /etc/rc.firewall ipfw: opcode 6 size 33 wrong ipfw: getsockopt(IP_FW_ADD): Invalid argument ipfw: opcode 2 size 33 wrong ipfw: getsockopt(IP_FW_ADD): Invalid argument This error happened after I adding new IP Address 202.93.247.28/32 on $ipunlimit variable. It that correct to add 202.93.247.26/32 and 202.93.247.28/32 together? or I should rewrite like 202.93.247.26/29?. But already same on $ipunlimit variable like 202.93.20.22/32 and 202.93.20.23/32 this is no problem. Any clue or suggestion about this syntax? Thanks You -- budsz