Date: Fri, 7 Jun 1996 01:42:56 +1000 (GMT+1000) From: Information Help Desk <info@adn.edu.ph> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: IPFW: Problem with specifying IP addr range Message-ID: <Pine.LNX.3.91.960607012725.15285A-100000@sili.adn.edu.ph>
next in thread | raw e-mail | index | archive | help
HI !!! I am using FreeBSD 2.2-960501-SNAP. Recently experimented on ip firewaling and accounting. I tried to add the rule below, ipfw 9 add count all from 165.220.57.241:255.255.255.240 to any 80 out My intention was to monitor http accesses from subnet 165.220.57.240. Based from what I read in the ipfw man pages, this rule would match all packets from subnet 165.220.57.240, or hosts and workstations in this subnet. Out of curiosity, I verified this and tried to add the following rules, ipfw 8 add count all from 165.220.57.241 to any 80 out ipfw 7 add count all from 165.220.57.242 to any 80 out I reset the IP accounting with 'ipfw zero'. And, I issued a series of 'ipfw -a list'. I noticed that the number of packets that matched rule 9 is also the same number of packets that matched rule 8. And the number of packets that matched rule 7 is different with the number of packets that matched rule8. This means that rule 9 just matches packets from a specific IP being 165.220.57.241 and *not* IPs 165.220.57.241 to 254. Is there a bug in ipfw or is it just with the rules I tried ? Anything I missed out? -- jf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.960607012725.15285A-100000>