How do I do this with IPFW2?

m0f0x el.mofo at uol.com.br
Sun Oct 29 08:51:59 UTC 2006 

On Sun, 29 Oct 2006 10:28:37 +0300
Odhiambo WASHINGTON <odhiambo.raburu at wananchi.com> wrote:

> * On 28/10/06 15:07 +0100, Joe Holden wrote:
> | Odhiambo WASHINGTON wrote:
> | > Here is my network definition, with two IP blocks.
> | > 
> | >         my_ip_blocks = "62.8.64.0/19 196.200.32.0/20"
> | > 
> | > I'd like to do something like below:
> | > 
> | >         ipfw pipe 1 config bw 1024Kbit/s
> | >         ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
> | > 
> | > 
> | > What I can't find is how to _correctly_ define my_ip_blocks
> | > in the rule in a way ipfw2 will accept.
> | > 
> | 
> | What release? I know the following will work in -CURRENT (Courtesy
> | of the manual pages for IPFW):
> | 
> | my_ip_blocks="62.8.64.0/19, 196.200.32.0/20"
> | ipfw pipe 1 config bw 1024Kbit/s
> | ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
> 
> 
> Hi Joe,
> 
> Yes, this really helped. After I removed the "{}" surrounding the
> declaration of $my_ip_blocks, the pipe now behaves as expected.
> 
> I am running IPFW2 (as I mentioned in the subject) on FreeBSD 6.2-PRE.
> 
> I am wondering if this would be possible on IPFW2 built in FreeBSD
> 4.11
For 4.X systems:

	*  Build a kernel with
		options         IPFW2

	* Remake ipfw and libalias...
		cd /usr/src/sbin/ipfw
		make clean
		make -DIPFW2
		make -DIPFW2 install

		cd /usr/src/lib/libalias
		make clean
		make -DIPFW2
		make -DIPFW2 install

Source:
http://cvs.freebsd.uwaterloo.ca/twiki/bin/view/Freebsd/StatefulFirewalling

> 
> 
> -Wash
> 
> http://www.netmeister.org/news/learn2quote.html
> 
> DISCLAIMER: See http://www.wananchi.com/bms/terms.php
> 
> --
> +======================================================================
> +
>     |\      _,,,---,,_     | Odhiambo Washington
>     |<wash at wananchi.com>
> Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
>    |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
>   '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
> +======================================================================
> +
> 
> The law will never make men free; it is men who have got to make the
> law free.
> 		-- Henry David Thoreau

More information about the freebsd-ipfw mailing list