Best Way To Block Range of Addresses with ipfw2?
Dan Nelson
dnelson at allantgroup.com
Wed Feb 8 15:57:12 PST 2006
In the last episode (Feb 08), Drew Tomlinson said:
> On 2/8/2006 3:11 PM Chuck Swiger wrote:
> >Drew Tomlinson wrote:
> >>I want to deny access to addresses in this range:
> >>
> >>84.57.113.0 - 84.61.96.255
> >>
> >>What is the best way to specify this range for ipfw2? There must
> >>be a better way than listing a whole bunch of individual networks.
> >
> >deny ip from 84.56.0.0/13 to any
> >
> >...comes pretty close. Use finer-grained allow rule before that if you
> >need to pass stuff in 84.56.0.0/16, for example.
>
> Thanks. I found that too but was just wondering if there was a way
> to be exact.
You could use an ipfw table to store the required subnets that cover
your range; according to the manpage it's the most efficient way to
store large address sets, and it also saves you from cluttering up your
ruleset.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list