Date: Fri, 1 Oct 2004 19:57:08 -0300 From: "Juliao Braga - Rede Pegasus" <juliao@braga.eti.br> To: <ipfw@FreeBSD.org> Subject: ipfw2 syntax to specify address sets Message-ID: <079101c4a809$fab1b9e0$aa6fc3c8@redepegasus.com.br> References: <20040929195920.GC1807@green.homeunix.org> <20041001031248.GC3411@green.homeunix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
I'm using a 5.2.1 version:
[root@unidade1 root]# uname -a
FreeBSD unidade1.redepegasus.com.br 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0:=
=20
Fri Jun 18 15:08:10 BRT 2004=20
root@unidade1.redepegasus.com.br:/usr/src/sys/i386/compile/UNIDADE1 i386
and created the following rules:
ipsmsn=3D"{ 192.168.0.0/24{1,6,23,58,65,111} or 192.168.1.0/24{32,34,60} or=
=20
192.168.3.0/24{4} }"
...
ipfw add 00200 check-state
...
#KAZAA/MSN/YAHOO
ipfw add 40210 allow all from any to ${ipsmsn} 1863,5050,5190 keep-state
ipfw add 40211 allow all from ${ipsmsn} to any 1863,5050,5190 keep-state
#additional MSN ports
ipfw add 40212 allow all from any to ${ipsmsn}=20
6891-6901,6801,2001-2120,7801-7825 keep-state
ipfw add 40213 allow all from ${ipsmsn} to any=20
6891-6901,6801,2001-2120,7801-7825 keep-state
ipfw add 40214 deny all from any to any 6891-6901,6801,2001-2120,7801-7825=
=20
keep-state
ipfw add 40223 deny all from any to any 5190 keep-state # ICQ deny
And I'm getting from ipfw -a l:
...
40210 0 0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70=
=20
keep-state
Some help about?
Thank you,
Juliao
---
Rede Pegasus
http://www.redepegasus.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?079101c4a809$fab1b9e0$aa6fc3c8>