How do I do this with IPFW2?

Odhiambo WASHINGTON odhiambo.raburu at wananchi.com
Sun Oct 29 10:27:52 UTC 2006


* On 29/10/06 05:51 -0300, m0f0x wrote:
| On Sun, 29 Oct 2006 10:28:37 +0300
| Odhiambo WASHINGTON <odhiambo.raburu at wananchi.com> wrote:
| 
| > * On 28/10/06 15:07 +0100, Joe Holden wrote:
| > | Odhiambo WASHINGTON wrote:
| > | > Here is my network definition, with two IP blocks.
| > | > 
| > | >         my_ip_blocks = "62.8.64.0/19 196.200.32.0/20"
| > | > 
| > | > I'd like to do something like below:
| > | > 
| > | >         ipfw pipe 1 config bw 1024Kbit/s
| > | >         ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
| > | > 
| > | > 
| > | > What I can't find is how to _correctly_ define my_ip_blocks
| > | > in the rule in a way ipfw2 will accept.
| > | > 
| > | 
| > | What release? I know the following will work in -CURRENT (Courtesy
| > | of the manual pages for IPFW):
| > | 
| > | my_ip_blocks="62.8.64.0/19, 196.200.32.0/20"
| > | ipfw pipe 1 config bw 1024Kbit/s
| > | ipfw add pipe 1 tcp from me to not $my_ip_blocks 25
| > 
| > 
| > Hi Joe,
| > 
| > Yes, this really helped. After I removed the "{}" surrounding the
| > declaration of $my_ip_blocks, the pipe now behaves as expected.
| > 
| > I am running IPFW2 (as I mentioned in the subject) on FreeBSD 6.2-PRE.
| > 
| > I am wondering if this would be possible on IPFW2 built in FreeBSD
| > 4.11
| For 4.X systems:
| 
| 	*  Build a kernel with
| 		options         IPFW2
| 
| 	* Remake ipfw and libalias...
| 		cd /usr/src/sbin/ipfw
| 		make clean
| 		make -DIPFW2
| 		make -DIPFW2 install
| 
| 		cd /usr/src/lib/libalias
| 		make clean
| 		make -DIPFW2
| 		make -DIPFW2 install
| 
| Source:
| http://cvs.freebsd.uwaterloo.ca/twiki/bin/view/Freebsd/StatefulFirewalling



Wonderful! This works great.
Thanks a heap!



-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash at wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

Seleznick's Theory of Holistic Medicine:
	Ice Cream cures all ills.


More information about the freebsd-ipfw mailing list