IPFW manpage suggestion

Giorgos Keramidas keramida at freebsd.org
Wed Oct 4 17:30:23 UTC 2006


On 2006-09-28 23:00, Josh Paetzel <josh at tcbug.org> wrote:
> I have a friend who's converting from Linux to FreeBSD.  He's trying 
> to set up ipfw and was reading through the ipfw manpage.  He asked me 
> some questions about examples in the manpage and while I think the 
> manpage is very clear it is perhaps a poor example.
> 
> As an example, an address specified as 1.2.3.4/24{128,35-55,89}
> will match the following IP addresses:
> 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89
> 
> This is perfectly clear and works exactly as stated but the choice of 
> 1.2.3.4/24 as a network number isn't the best in my opinion.  His 
> question was whether the example would match 1.2.3.4.  It doesn't of 
> course but perhaps the example would make more sense as:
> 1.2.3.0/24{128,35-55,89}
> 
> This also opens the door to what happens if you do something like:
> 1.2.3.15/25{215-220}  I regret to say I don't have a box I can 
> actually test that on though.
> 
> There are other places in the manpage where a network number would 
> make more sense than an IP but the one I pointed out seems to be the 
> most glaring.
> 
> I'm willing to do the grunt work if it's determined it's worth 
> changing.

Does the following patch look ok for this?

%%%
# HG changeset patch
# User Giorgos Keramidas <keramida at ceid.upatras.gr>
# Date 1159982994 -10800
# Node ID 299cbe729a9fc56f44776222743b46e50eef893a
# Parent  96f4a04b54780e0191daea12c6cef569ad2725d4
Switch to using network numbers whenever possible.

Submitted by:   Josh Paetzel <josh at tcbug.org>

diff -r 96f4a04b5478 -r 299cbe729a9f sbin/ipfw/ipfw.8
--- a/sbin/ipfw/ipfw.8	Tue Oct 03 21:04:04 2006 +0300
+++ b/sbin/ipfw/ipfw.8	Wed Oct 04 20:29:54 2006 +0300
@@ -951,20 +951,20 @@ Hostnames are resolved at the time the r
 .It Ar addr Ns / Ns Ar masklen
 Matches all addresses with base
 .Ar addr
-(specified as an IP address or a hostname)
+(specified as an IP address, a network number, or a hostname)
 and mask width of
 .Cm masklen
 bits.
-As an example, 1.2.3.4/25 will match
+As an example, 1.2.3.4/25 or 1.2.3.0/25 will match
 all IP numbers from 1.2.3.0 to 1.2.3.127 .
 .It Ar addr Ns : Ns Ar mask
 Matches all addresses with base
 .Ar addr
-(specified as an IP address or a hostname)
+(specified as an IP address, a network number, or a hostname)
 and the mask of
 .Ar mask ,
 specified as a dotted quad.
-As an example, 1.2.3.4:255.0.255.0 will match
+As an example, 1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match
 1.*.3.*.
 This form is advised only for non-contiguous
 masks.
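Review bot: In the addr/masklen and addr:mask examples, the host form and the network form are now joined with "or", but nothing says why both give the same result. A short sentence after "bits." stating that bits of addr outside the mask are ignored would make "1.2.3.4/25 or 1.2.3.0/25" self-explanatory, and would also cover the new "1.0.3.0:255.0.255.0" case, where the second octet changes as well as the fourth.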
@@ -977,7 +977,7 @@ error-prone.
 .It Ar list : Bro Ar num | num-num Brc Ns Op Ns , Ns Ar list
 Matches all addresses with base address
 .Ar addr
-(specified as an IP address or a hostname)
+(specified as an IP address, a network number, or a hostname)
 and whose last byte is in the list between braces { } .
 Note that there must be no spaces between braces and
 numbers (spaces after commas are allowed).
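Review bot: The parenthetical "(specified as an IP address, a network number, or a hostname)" now appears a third time here, and "network number" is not defined in any of the lines shown. Since a network number is written exactly like an IP address, consider defining the term once at its first use and keeping the shorter wording in the later entries, so a reader does not take it for a separate syntax.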
@@ -997,6 +997,7 @@ the complexity of rulesets.
 the complexity of rulesets.
 .br
 As an example, an address specified as 1.2.3.4/24{128,35-55,89}
+or 1.2.3.0/24{128,35-55,89}
 will match the following IP addresses:
 .br
 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .
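Review bot: The added line "or 1.2.3.0/24{128,35-55,89}" leaves 1.2.3.4/24{128,35-55,89} as the first form a reader sees, which is the form that prompted the question of whether 1.2.3.4 itself is matched. Consider leading with the 1.2.3.0/24 form and mentioning 1.2.3.4/24 second, or adding a note that the base address is matched only if its last byte is in the list. The commit message says "whenever possible", and here a full switch looks possible.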
%%%
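Added example, not part of the original message and not ipfw's own parser: a small Python model of the addr/masklen{list} semantics as the manpage text in the patch describes them (mask the base address, then select last bytes from the list). The function names are hypothetical, the restriction to masks of 24 bits or more is an assumption of the model, and the empty result for 1.2.3.15/25{215-220} is what the model yields, not a tested ipfw behaviour.

```python
import ipaddress
import re

# addr/masklen{list}: no spaces between braces and numbers, per the manpage text
SPEC_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+)\{([^{}]*)\}$")


def expand_addr_set(spec):
    """Return the sorted addresses selected by an addr/masklen{list} spec."""
    m = SPEC_RE.match(spec)
    if not m:
        raise ValueError(f"not an addr/masklen{{list}} spec: {spec!r}")
    addr, masklen, items = m.group(1), int(m.group(2)), m.group(3)
    if masklen < 24:
        # Model assumption: the list only selects the last byte.
        raise ValueError("model only covers masks of 24 bits or more")
    # strict=False drops host bits, so 1.2.3.4/24 and 1.2.3.0/24 are one network
    net = ipaddress.ip_network(f"{addr}/{masklen}", strict=False)
    prefix = int(net.network_address) & 0xFFFFFF00
    matched = set()
    for item in items.split(","):
        lo, _, hi = item.strip().partition("-")  # spaces after commas allowed
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad list entry: {item!r}")
        for last_byte in range(lo, hi + 1):
            ip = ipaddress.ip_address(prefix | last_byte)
            if ip in net:  # entries outside the masked network select nothing
                matched.add(ip)
    return sorted(matched)


def matches(spec, ip):
    """True if ip is selected by spec under this model."""
    return ipaddress.ip_address(ip) in expand_addr_set(spec)


if __name__ == "__main__":
    for s in ("1.2.3.4/24{128,35-55,89}", "1.2.3.0/24{128,35-55,89}",
              "1.2.3.15/25{215-220}"):
        hits = expand_addr_set(s)
        print(s, "->", len(hits), "addresses")
    print("1.2.3.4 matched:", matches("1.2.3.4/24{128,35-55,89}", "1.2.3.4"))
```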



More information about the freebsd-doc mailing list