ipfw2 syntax to specify address sets

Julião Braga - Rede Pegasus jb at redepegasus.com.br
Mon Oct 4 15:20:26 PDT 2004


Hi,

I'm using version 5.2.1:

[root@unidade1 root]# uname -a
FreeBSD unidade1.redepegasus.com.br 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Fri Jun 18 15:08:10 BRT 2004 root@unidade1.redepegasus.com.br:/usr/src/sys/i386/compile/UNIDADE1  i386

and created the following rules:

ipsmsn="{ 192.168.0.0/24{1,6,23,58,65,111} or 192.168.1.0/24{32,34,60} or 192.168.3.0/24{4} }"

...

ipfw add 00200 check-state

...

#KAZAA/MSN/YAHOO

ipfw add 40210 allow all from any to ${ipsmsn} 1863,5050,5190 keep-state
ipfw add 40211 allow all from ${ipsmsn} to any 1863,5050,5190 keep-state

#additional MSN ports
ipfw add 40212 allow all from any to ${ipsmsn} 6891-6901,6801,2001-2120,7801-7825 keep-state
ipfw add 40213 allow all from ${ipsmsn} to any 6891-6901,6801,2001-2120,7801-7825 keep-state

ipfw add 40214 deny all from any to any 6891-6901,6801,2001-2120,7801-7825 keep-state

ipfw add 40223 deny all from any to any 5190 keep-state # ICQ deny

And I'm getting from ipfw -a l:

...

40210      0         0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70 keep-state

Any help with this?

Thank you,

Juliao
---
Rede Pegasus
http://www.redepegasus.com.br
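
Added example, not part of the original message: reading each destination in the `ipfw -a l` line above as a 32-bit integer gives 1863, 5050 and 5190, the port list of rule 40210, while the address set from `${ipsmsn}` does not appear in the installed rule. The sh functions below (`quad_to_int` and `ports_as_addrs` are hypothetical names) run that comparison on a listing line, as a check after loading a ruleset.

```shell
#!/bin/sh
# Added example: flags listed destination addresses that are really the
# rule's port numbers. Function names are hypothetical; the sample line
# is the one quoted in the message.

# quad_to_int A.B.C.D -> prints the address as an unsigned 32-bit integer
quad_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1          # "any", "me", etc. are not dotted quads
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ports_as_addrs "<ipfw list line>" "<port list as written in the rule>"
# Prints every destination address whose integer value is one of the ports
# (single ports or lo-hi ranges). Returns 0 if any was found, 1 otherwise.
ports_as_addrs() {
    line=$1 ports=$2 found=1
    # destination field = token following "to" in the listing
    dst=$(printf '%s\n' "$line" |
          awk '{for (i = 1; i < NF; i++) if ($i == "to") {print $(i+1); exit}}')
    for addr in $(printf '%s' "$dst" | tr ',' ' '); do
        n=$(quad_to_int "${addr%%/*}") || continue
        for p in $(printf '%s' "$ports" | tr ',' ' '); do
            lo=${p%%-*}; hi=${p##*-}  # a single port gives lo = hi
            if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
                echo "$addr = port $n"
                found=0
            fi
        done
    done
    return $found
}

# Listing line from the message, checked against the ports of rule 40210
sample='40210 0 0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70 keep-state'
ports_as_addrs "$sample" "1863,5050,5190"
```

A hit means the installed rule matches those small 0.0.x.x addresses on every port instead of the intended hosts on the listed ports, so compare `ipfw -a l` against the script after each load.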


