IP FILTER and network address
Steve Bertrand
iaccounts at ibctech.ca
Wed May 2 20:38:30 UTC 2007
Tun Eler wrote:
> Hi all,
> I want to have these two rules in the ipf.rules file
>
> pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state
> pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state
>
> where $iof is my interface. Executing the config file I get the following error
>
> ioctl(add/insert rule): File exists
>
> Which means the rule is being loaded twice. But the network addresses above are
> different!!! If I comment any of the above two lines, ipf executes fine.
> Any idea how to solve this error, and allow only these two networks above?
> Thanks in advance ...

Appending your IP with /8 ends you up with two rules that essentially
look like this (AFAIK):

pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state

Perhaps you want to filter the IPs only, like:

pass in quick on $oif proto tcp from 217.83.122.17/32 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/32 to $myip port = 22 flags S keep state

Regards,
Steve
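
Added example, not part of the original thread: a small pre-load check that finds rules which become identical once each address/prefix is reduced to its network address, which is the collapse the reply describes. It assumes the prefix length masks off the host bits; the function names and the sample rule lists are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: the two rules from the question, and the /32 variants.
RULES_SLASH8 = [
    "pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state",
    "pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state",
]
RULES_SLASH32 = [r.replace("/8", "/32") for r in RULES_SLASH8]

# Matches an IPv4 address followed by a prefix length, e.g. 217.83.122.17/8
CIDR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")


def normalize(rule):
    """Rewrite every addr/len in a rule to its network address and collapse whitespace."""
    def to_network(match):
        # strict=False accepts host bits and masks them off (217.83.122.17/8 -> 217.0.0.0/8)
        return str(ipaddress.ip_network(match.group(0), strict=False))
    return CIDR.sub(to_network, " ".join(rule.split()))


def find_duplicates(rules):
    """Return (first_rule_no, duplicate_rule_no, normalized_rule) for rules that collapse together."""
    seen = {}
    duplicates = []
    for number, rule in enumerate(rules, 1):
        key = normalize(rule)
        if key in seen:
            duplicates.append((seen[key], number, key))
        else:
            seen[key] = number
    return duplicates


if __name__ == "__main__":
    for first, dup, key in find_duplicates(RULES_SLASH8):
        print(f"rule {dup} duplicates rule {first} after masking: {key}")
    print("duplicates with /32:", find_duplicates(RULES_SLASH32))
```

Besides flagging the duplicate, the normalized form makes the access-control consequence visible: the /8 rules admit SSH from all of 217.0.0.0/8, not just the two intended hosts.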