Date:      Tue, 13 May 2008 09:04:21 +0700
From:      budsz <budiyt@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Syntax base IP
Message-ID:  <4d4dc3640805121904i7fd5da1bl1af6f41830889942@mail.gmail.com>
In-Reply-To: <4d4dc3640805061548v44e28b8aue4a683d263d878bf@mail.gmail.com>
References:  <4d4dc3640805040840t5725fb4ejfd19da3c3f78ec73@mail.gmail.com> <48201E0D.60803@yandex.ru> <4d4dc3640805061548v44e28b8aue4a683d263d878bf@mail.gmail.com>

On Tue, May 6, 2008 at 3:59 PM, Andrey V. Elsukov <bu7cher@yandex.ru> wrote:

> budsz wrote:
> >
> > ipunlimit="192.168.0.100/32,10.35.4.1/32,202.129.189.42/32,\
> >           202.129.189.45/32,125.163.77.180/32,202.43.167.70/32,\
> >           202.43.167.72/32,202.43.161.119/32,202.10.32.10/32,202.93.20.22/32,\
> >           202.93.20.23/32,202.93.20.24/32,122.102.49.132/32,\
> >           202.43.161.124/32,202.93.247.26/32,202.93.247.28/32"
> >
> > ${fwcmd} add 100 pipe 1 ip from ${ippriviix} to { not ${ipunlimit} } \
> >           ${portlim} via ${ifint0}
> > ${fwcmd} add 101 pipe 1 ip from { not ${ipunlimit} } ${portlim} to \
> >           ${ippriviix} via ${ifint0}
> >
> > Executing the firewall script I got an error message like this:
> > #sh /etc/rc.firewall
> > ipfw: opcode 6 size 33 wrong
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> > ipfw: opcode 2 size 33 wrong
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> >
>

Hello,

I have a problem here; these are the rules I've set, as an example:


portlim="20-21,80,88,443,2009,8080,8088,10007,18755"
bwunlimit="64Kbit/s"


${fwcmd} pipe 1 config bw ${bwunlimit}

${fwcmd} table 1 add 10.35.4.1/32 1
${fwcmd} table 1 add 122.102.49.132/32 1
${fwcmd} table 1 add 125.163.77.180/32 1
${fwcmd} table 1 add 192.168.0.100/32 1
${fwcmd} table 1 add 202.10.32.10/32 1
${fwcmd} table 1 add 202.129.189.42/32 1
${fwcmd} table 1 add 202.129.189.45/32 1
${fwcmd} table 1 add 202.43.161.119/32 1
${fwcmd} table 1 add 202.43.161.124/32 1
${fwcmd} table 1 add 202.43.167.70/32 1
${fwcmd} table 1 add 202.43.167.72/32 1
${fwcmd} table 1 add 202.93.20.22/32 1
${fwcmd} table 1 add 202.93.20.23/32 1
${fwcmd} table 1 add 202.93.20.24/32 1
${fwcmd} table 1 add 202.93.247.26/32 1
${fwcmd} table 1 add 202.93.247.28/32 1

${fwcmd} add 100 pipe tablearg ip from ${ippriviix} to not "table(1)" \
          ${portlim} via ${ifint0}
${fwcmd} add 101 pipe tablearg ip from not "table(1)" ${portlim} to \
          ${ippriviix} via ${ifint0}

As a result, those IP addresses can pass. But any other IP addresses
(other than those above) cannot be reached, as if they were blocked.
My intention is to limit (NOT block) any other IP addresses (other
than those above). How could I use the 'not' keyword for the above
case?

Thank You

--
budsz
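The rc.firewall fragment below is an added example, not code from the thread or from the FreeBSD rc scripts. It rewrites the rules quoted above with a fixed pipe number instead of "pipe tablearg": tablearg takes its value from the table entry that matched, and a rule written with "not table(1)" matches precisely when no entry matched, so there is no value to take and the non-exempt traffic is not handed to pipe 1. The interface name, the internal network and the FWCMD dry-run default are assumptions for the example; the port list, bandwidth and exempt hosts are the ones from the post.

```sh
#!/bin/sh
# Added example (not from the original thread): corrected rc.firewall
# fragment for the rules above. The exempt hosts go into table 1 and the
# limit rules use a fixed pipe number, "pipe 1", instead of "pipe tablearg".
# tablearg takes its value from the table entry that matched, and a rule
# written "not table(1)" matches exactly when no entry matched, so there is
# no value to take; with "pipe 1" every non-exempt host is shaped instead.
#
# Assumptions (not from the post): the interface and internal network are
# placeholders, and FWCMD defaults to "echo ipfw" so this dry-runs on any
# machine without root or dummynet. Set FWCMD=/sbin/ipfw to apply for real.

fwcmd="${FWCMD:-echo ipfw}"
ifint0="${IFINT0:-fxp0}"                   # assumed: LAN-facing interface
ippriviix="${IPPRIVIIX:-192.168.1.0/24}"  # assumed: the clients being shaped
portlim="20-21,80,88,443,2009,8080,8088,10007,18755"
bwunlimit="64Kbit/s"

# Hosts exempt from the limit (the list from the post), one per line.
ipunlimit="10.35.4.1/32
122.102.49.132/32
125.163.77.180/32
192.168.0.100/32
202.10.32.10/32
202.129.189.42/32
202.129.189.45/32
202.43.161.119/32
202.43.161.124/32
202.43.167.70/32
202.43.167.72/32
202.93.20.22/32
202.93.20.23/32
202.93.20.24/32
202.93.247.26/32
202.93.247.28/32"

# Load the exemption table. Flush first so re-running rc.firewall does not
# fail with "File exists" on entries that are already present. No table
# value is given because a fixed pipe number never consults it.
load_unlimited_table() {
    $fwcmd table 1 flush
    for net in $ipunlimit; do
        $fwcmd table 1 add "$net"
    done
}

# Install the shaping rules. Both directions share pipe 1; "not table(1)"
# selects every remote host that is not in the exemption table, and the
# port list restricts the limit to the listed services.
add_limit_rules() {
    $fwcmd pipe 1 config bw "$bwunlimit"
    $fwcmd add 100 pipe 1 ip from "$ippriviix" to not "table(1)" \
        "$portlim" via "$ifint0"
    $fwcmd add 101 pipe 1 ip from not "table(1)" "$portlim" to \
        "$ippriviix" via "$ifint0"
}

load_unlimited_table
add_limit_rules
```

Run it as-is to see the ipfw commands it would issue, then with FWCMD=/sbin/ipfw to apply them; "ipfw show" and "ipfw pipe 1 show" afterwards confirm that traffic to non-exempt hosts is being counted against pipe 1 rather than dropped. "pipe tablearg" is only useful when the rule matches on a positive table lookup, for example "from table(1)" with each entry's value naming the pipe for that host.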


