Syntax to block 38 IPs

Jack L. Stone jacks at
Fri Feb 6 10:54:19 PST 2004

Thanks for the quick responses.

So, I gather under IPFW(#1), it's either 38 lines or upgrade to IPFW2

I haven't had time to study IPFW2 too well, although I know how to upgrade.
A follow-up question is that, if I do upgrade, will IPFW2 still use my old
rules until I can get around to tuning/tweaking...??

At 10:13 AM 2.6.2004 -0800, Luigi Rizzo wrote:
>On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
>> deny ip from {,, ...} to any 
>this is still inefficient. Better to use
>	deny ip from{131,132,157,190,1,86} ...
>which uses a bitmap to represent the list of hosts and has constant
>processing time as opposed to having to scan a list.
>	cheers
>	luigi
>> this uses IPFW2 I think.
>> from the shell, remember to escape the { as \{.
>> you could also send a RST i suppose, but just dropping it is
>> best.
>> _______________________________________________
>> freebsd-ipfw at mailing list
>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at"

Best regards,
Jack L. Stone,

Sage American
jacks at

More information about the freebsd-ipfw mailing list