Listing multiple subnets w/ specific host addresses..
Pawel Malachowski
pawmal-posting at freebsd.lublin.pl
Sun Nov 7 11:59:14 PST 2004
On Sun, Nov 07, 2004 at 10:37:44PM +0300, Martes Wigglesworth wrote:
> Does anyone know how to list the following rule? I am unable to find a
> working example of such a declaration.
>
> add log ip from any to \{ 192.168.1.0/24{a,b,c} or
> 192.168.2.0/24{d,e,f,g} \}
>
> The backslash works while listing more than one interface at the end of
> rules, however, whenever I use it as above, I get parenthesis errors.
> This current format give the following error on the console:
>
> > sudo ipfw add pass log ip from any to \{ 192.168.1.0/24 { 23,24,35,60
> } or 192.168.2.0/24 { 24,25,26,50 }\}
> ipfw: missing ")"
This is a matter of shell. On tcsh:
% ipfw add 31337 count ip from any to \{ 192.168.1.0/24\{7,5,2\} or 192.168.2.0/24\{1,6,8,11\} \}
31337 count ip from any to { 192.168.1.0/24{2,5,7} or dst-ip 192.168.2.0/24{1,6,8,11} }
% ipfw show 31337
31337 0 0 count ip from any to { 192.168.1.0/24{2,5,7} or dst-ip 192.168.2.0/24{1,6,8,11} }
Still, this `IP or dst-ip IP' on output looks weird...
--
Paweł Małachowski
More information about the freebsd-ipfw
mailing list