From owner-freebsd-questions@FreeBSD.ORG Sat Nov 26 17:30:36 2005 Return-Path: X-Original-To: questions@FreeBSD.ORG Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D455916A41F for ; Sat, 26 Nov 2005 17:30:36 +0000 (GMT) (envelope-from mark@antsclimbtree.com) Received: from ylpvm15.prodigy.net (ylpvm15-ext.prodigy.net [207.115.57.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 05F3F43D58 for ; Sat, 26 Nov 2005 17:30:32 +0000 (GMT) (envelope-from mark@antsclimbtree.com) Received: from pimout3-ext.prodigy.net (pimout3-int.prodigy.net [207.115.4.218]) by ylpvm15.prodigy.net (8.12.10 outbound/8.12.10) with ESMTP id jAQHUYug015162 for ; Sat, 26 Nov 2005 12:30:34 -0500 X-ORBL: [69.232.30.131] Received: from lilbuddy.antsclimbtree.com (adsl-69-232-30-131.dsl.snfc21.pacbell.net [69.232.30.131]) by pimout3-ext.prodigy.net (8.13.4 outbound domainkey aix/8.13.4) with ESMTP id jAQHUQ1n178758 for ; Sat, 26 Nov 2005 12:30:31 -0500 Received: from [192.168.1.65] (helo=[192.168.1.65]) by lilbuddy.antsclimbtree.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.54 (FreeBSD)) id 1Eg3sl-000KZD-RR for questions@FreeBSD.ORG; Sat, 26 Nov 2005 09:30:45 -0800 Mime-Version: 1.0 (Apple Message framework v746.2) In-Reply-To: <44sltjphda.fsf@be-well.ilk.org> References: <536B393F-0E66-4B10-89A7-E0D4D82C87D7@antsclimbtree.com> <44sltjphda.fsf@be-well.ilk.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <9EDDDA9A-47A5-4B70-A1E5-6DADA46A8B91@antsclimbtree.com> Content-Transfer-Encoding: 7bit From: Mark Edwards Date: Sat, 26 Nov 2005 09:30:37 -0800 To: questions@FreeBSD.ORG X-Mailer: Apple Mail (2.746.2) Cc: Subject: Re: verrevpath -- ipfw: unknown argument ``not'' X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Nov 2005 17:30:37 -0000 On Nov 26, 2005, at 7:18 AM, Lowell Gilbert wrote: > Mark Edwards writes: > >> I am trying to implement the verrevpath suggestion in the ipfw man >> page, as follows: >> >>> The verrevpath option could be used to do automated anti- >>> spoofing by >>> adding the following to the top of a ruleset: >>> >>> ipfw add deny ip from any to any not verrevpath in >> >> However, when I try to add the rule, I get an error: >> >>> lilbuddy:~ paimin$ ipfw add deny ip from any to any not >>> verrevpath in >>> ipfw: unknown argument ``not'' >> >> Can someone tell what is causing this syntax to fail? Thanks! > > Works fine for me right now on -STABLE (RELENG_6). > You didn't mention what you were running, so there's not much else we > can tell you. Sorry, I am running 4.11, and nothing weird that I know of that would affect ipfw operation. I found a posting via google from someone with the same question, and then he replied to himself that reading the man page had given him the answer, but he didn't say what that answer was. Tried to email him, but it bounced because my mail gateway doesn't have an SPF record so his server rejected my mail (even though my server DOES have an SPF record -- ugh). Thanks! -- Mark Edwards