Date: Wed, 29 May 2002 14:41:53 -0500 From: "Eric F Crist" <ecrist@secure-computing.net> To: "Chris Appleton" <appleton_chris@yahoo.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: ipfw range filter? Message-ID: <00c001c20748$e3dbd570$fe01a8c0@armageddon> References: <20020528100031.56453.qmail@web14802.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I would recommend simply not being *lazy* and setting up subnets. This is supported my the majority of the IPv4 protocol, so you won't have any other potential configuration snafu's around your network. If you have the 10.0.0.0/24 class C network, for example, and you want to filter out 230-254, you could do it with the following rules: ipfw add 1010 allow ip from 10.0.0.224 to any ipfw add 1020 allow ip from 10.0.0.225 to any ipfw add 1030 allow ip from 10.0.0.226 to any ipfw add 1040 allow ip from 10.0.0.227 to any ipfw add 1050 allow ip from 10.0.0.228 to any ipfw add 1060 allow ip from 10.0.0.229 to any ipfw add 1100 deny ip from 10.0.0.224/27 to any HTH Eric F Crist President/Sys Admin AdTech Integrated Systems, Inc. http://www.adtechintegrated.com ----- Original Message ----- From: "Chris Appleton" <appleton_chris@yahoo.com> To: <freebsd-questions@FreeBSD.ORG> Sent: Tuesday, May 28, 2002 5:00 AM Subject: ipfw range filter? > is it possible to filter a range of ip's with one rule? > > unfortunately i've got a c class and just have the one subnet so i > don't think i can use /x for instance. i could try and create proper > subnets, but of course want the quickie. > > i don't like having 60 rules for pop and smtp to hosted servers. > > thanks advance, > > chris > > __________________________________________________ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00c001c20748$e3dbd570$fe01a8c0>