Best Way To Block Range of Addresses with ipfw2?

Dan Nelson dnelson at
Wed Feb 8 15:57:12 PST 2006

In the last episode (Feb 08), Drew Tomlinson said:
> On 2/8/2006 3:11 PM Chuck Swiger wrote:
> >Drew Tomlinson wrote:
> >>I want to deny access to addresses in this range:
> >>
> >> -
> >>
> >>What is the best way to specify this range for ipfw2?  There must
> >>be a better way than listing a whole bunch of individual networks.
> >
> >deny ip from to any
> >
> >...comes pretty close.  Use finer-grained allow rule before that if you 
> >need to pass stuff in, for example.
> Thanks.  I found that too but was just wondering if there was a way
> to be exact.

You could use an ipfw table to store the required subnets that cover
your range; according to the manpage it's the most efficient way to
store large address sets, and it also saves you from cluttering up your

	Dan Nelson
	dnelson at

More information about the freebsd-questions mailing list