Date: Tue, 28 May 2002 16:32:36 +0200
From: "Patrick O'Reilly" <bsd@perimeter.co.za>
To: "Chris Appleton" <appleton_chris@yahoo.com>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfw range filter?
Message-ID: <001801c20654$84415990$b50d030a@PATRICK>
References: <20020528140608.56609.qmail@web14801.mail.yahoo.com>
----- Original Message -----
From: "Chris Appleton" <appleton_chris@yahoo.com>
>
> that makes perfect sense but here's the catch. i'm using the full c
> subnet, meaning all nodes are configured as 1.2.3.0/24 255.255.255.0.
>
> what i'd like to do is segment/target say .230 - .254 (i know the #'s
> don't add) out of the full class c i'm using. only do it at bsd, not
> go around creating proper 'sub' subnets (lazy i guess).
>
> isolate a block/segment of the whole subnet which i'm configured to use
> in a bsd rule.

You can create a rule like this:

    ipfw add 123 allow tcp from any to 1.2.3.240/28 25 setup

Even though your subnet is a /24, this rule will work to single out the
range of addresses from 1.2.3.240 through 1.2.3.255. So, if you can
set up blocks which match the way IP subnets normally work, you can do
it. I don't know of a way to list an arbitrary range of IPs in one ipfw
rule.

I guess what you want is something like this:

    ipfw add 123 allow tcp from any to 1.2.3.230-1.2.3.254 25 setup

But the ipfw syntax does not support such a construct (AFAIK).

Regards,
Patrick O'Reilly.
http://www.perimeter.co.za
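
Added example, not part of the original message: the reply above matches addresses by CIDR block rather than by an arbitrary range, so this Python code splits a range such as 1.2.3.230-1.2.3.254 into the fewest aligned blocks and builds one rule per block in the form of rule 123 above. The function names and the consecutive rule numbering are assumptions made for illustration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Split the inclusive IPv4 range first..last into the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's alignment
        # (its lowest set bit); address 0 is aligned to everything.
        align = lo & -lo if lo else 1 << 32
        # It also must not run past hi: take the largest power of two
        # that fits in the addresses still to be covered.
        fit = 1 << ((hi - lo + 1).bit_length() - 1)
        size = min(align, fit)
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks


def ipfw_rules(first, last, start_rule=123, port=25):
    """Build one allow rule per block, shaped like the rule in the reply.

    Numbering the rules consecutively from start_rule is an assumption
    of this example, not something the original message specifies.
    """
    return [
        f"ipfw add {start_rule + i} allow tcp from any to {net} {port} setup"
        for i, net in enumerate(range_to_cidrs(first, last))
    ]


if __name__ == "__main__":
    # The range asked about in the quoted question.
    for rule in ipfw_rules("1.2.3.230", "1.2.3.254"):
        print(rule)
```

The .230 - .254 range needs six blocks because .230 is only aligned to a /31 and the range stops one address short of the /28 boundary at .255; the .240 - .255 range from the reply collapses to the single /28.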
