From owner-freebsd-security@FreeBSD.ORG Fri Feb 6 02:36:56 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6533E16A4CE for ; Fri, 6 Feb 2004 02:36:56 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 9012743D46 for ; Fri, 6 Feb 2004 02:36:52 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 22842 invoked from network); 6 Feb 2004 10:36:09 -0000 Received: from office.casyst.com (HELO straylight.m.ringlet.net) (212.91.166.145) by gandalf.online.bg with SMTP; 6 Feb 2004 10:36:09 -0000 Received: (qmail 76970 invoked by uid 1000); 6 Feb 2004 10:38:34 -0000 Date: Fri, 6 Feb 2004 12:38:33 +0200 From: Peter Pentchev To: Alex Message-ID: <20040206103833.GD4848@straylight.m.ringlet.net> Mail-Followup-To: Alex , freebsd-security@freebsd.org References: <614479869.20040206131706@tern.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hOcCNbCCxyk/YU74" Content-Disposition: inline In-Reply-To: <614479869.20040206131706@tern.ru> User-Agent: Mutt/1.5.6i cc: freebsd-security@freebsd.org Subject: Re: ipfw question X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2004 10:36:56 -0000 --hOcCNbCCxyk/YU74 Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 06, 2004 at 01:17:06PM +0300, freebsd@tern.ru wrote: > Dear All. >=20 > I want to use 'not' for 2 addresses (for both) in ipfw2 rule. > The only way that looks like what I need is >=20 > # ipfw add count from IP1 to not IP2,IP3 >=20 > But does this rule indeed makes what I want? Does it count all > packets destined to addresses other then IP2 AND IP3?! >=20 > No other syntax works. > For example more logically correct > not IP2 AND not IP3 > or even > not { IP2 or IP3 } > are understood by ipfw2 Could you try ipfw add count from IP1 to not { IP2,IP3 } G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If I had finished this sentence, --hOcCNbCCxyk/YU74 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAI26p7Ri2jRYZRVMRAl34AJ40qLbrb7KzFPa/z9MUFYLMy6/6xQCfbCwe EnmffqdUJ+EAD5dt4r8/WRY= =9pEN -----END PGP SIGNATURE----- --hOcCNbCCxyk/YU74--