Date: Wed, 02 May 2007 16:38:25 -0400 From: Steve Bertrand <iaccounts@ibctech.ca> To: Tun Eler <tuneler@bsdmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: IP FILTER and network address Message-ID: <4638F6C1.4010105@ibctech.ca> In-Reply-To: <20070502202911.01FDD7AEB8@ws5-10.us4.outblaze.com> References: <20070502202911.01FDD7AEB8@ws5-10.us4.outblaze.com>
Tun Eler wrote:
> Hi all,
> I want to have these two rules in the ipf.rules file
>
> pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state
> pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state
>
> where $oif is my interface. Executing the config file I get the following error
>
> ioctl(add/insert rule): File exists
>
> Which means the rule is being loaded twice. But the network addresses above are
> different!!! If I comment any of the above two lines, ipf executes fine.
> Any idea how to solve this error, and allow only these two networks above?
> Thanks in advance ...

Appending your IP with /8 ends you up with two rules that essentially look like this (AFAIK):

pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state

Perhaps you want to filter the IPs only, like:

pass in quick on $oif proto tcp from 217.83.122.17/32 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/32 to $myip port = 22 flags S keep state

Regards,
Steve
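The point Steve makes is that ipf matches on the network a host/prefix pair denotes, not on the host bits, so 217.83.122.17/8 and 217.83.89.61/8 are both 217.0.0.0/8 (the whole 16-million-address block, not "these two networks"). The following script, added here and not part of the thread, shows the collapse with Python's ipaddress module and lints a constructed ruleset for rules that become duplicates once every address is normalised to its effective network. Rule text, variable names such as $oif and $myip, and the regex are assumptions for the example; ipf itself does its own parsing.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample ruleset modelled on the rules quoted in the thread.
# $oif/$myip are ipf variables and are left untouched.
RULES = """
pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.122.17/32 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/32 to $myip port = 22 flags S keep state
"""

# Matches dotted-quad/prefix tokens such as 217.83.122.17/8.
ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")


def effective_network(cidr):
    """Return the network a host/prefix pair actually denotes.

    strict=False zeroes the host bits, which is what the firewall does:
    217.83.122.17/8 -> 217.0.0.0/8.
    """
    return ipaddress.ip_network(cidr, strict=False)


def normalize_rule(line):
    """Rewrite every a.b.c.d/n in a rule to its effective network."""
    return ADDR_RE.sub(lambda m: str(effective_network(m.group(0))), line)


def find_collisions(ruleset):
    """Group rules by their normalised text; return only groups with duplicates.

    Two rules that differ only in host bits under the same prefix end up
    identical after normalisation, which is exactly the 'File exists' case.
    """
    groups = defaultdict(list)
    for raw in ruleset.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        groups[normalize_rule(line)].append(line)
    return {norm: lines for norm, lines in groups.items() if len(lines) > 1}


if __name__ == "__main__":
    for cidr in ("217.83.122.17/8", "217.83.89.61/8", "217.83.122.17/32"):
        net = effective_network(cidr)
        print(f"{cidr:<18} -> {net} ({net.num_addresses} addresses)")
    for norm, lines in find_collisions(RULES).items():
        print("\nduplicate after normalisation:", norm)
        for line in lines:
            print("   ", line)
```

Run against a real ipf.rules the linter flags each set of rules that collapse to the same text before ipf refuses them, and the address count printed for a /8 makes clear how much more than two hosts such a rule would admit.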
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4638F6C1.4010105>