Subject: Re: How do I do this with IPFW2? - msg#00049

Previous Message by Date: click to view message preview

Re: How do I do this with IPFW2?

* On 29/10/06 05:51 -0300, m0f0x wrote: | On Sun, 29 Oct 2006 10:28:37 +0300 | Odhiambo WASHINGTON <odhiambo.raburu@xxxxxxxxxxxx> wrote: | | > * On 28/10/06 15:07 +0100, Joe Holden wrote: | > | Odhiambo WASHINGTON wrote: | > | > Here is my network definition, with two IP blocks. | > | > | > | > my_ip_blocks = "62.8.64.0/19 196.200.32.0/20" | > | > | > | > I'd like to do something like below: | > | > | > | > ipfw pipe 1 config bw 1024Kbit/s | > | > ipfw add pipe 1 tcp from me to not $my_ip_blocks 25 | > | > | > | > | > | > What I can't find is how to _correctly_ define my_ip_blocks | > | > in the rule in a way ipfw2 will accept. | > | > | > | | > | What release? I know the following will work in -CURRENT (Courtesy | > | of the manual pages for IPFW): | > | | > | my_ip_blocks="62.8.64.0/19, 196.200.32.0/20" | > | ipfw pipe 1 config bw 1024Kbit/s | > | ipfw add pipe 1 tcp from me to not $my_ip_blocks 25 | > | > | > Hi Joe, | > | > Yes, this really helped. After I removed the "{}" surrounding the | > declaration of $my_ip_blocks, the pipe now behaves as expected. | > | > I am running IPFW2 (as I mentioned in the subject) on FreeBSD 6.2-PRE. | > | > I am wondering if this would be possible on IPFW2 built in FreeBSD | > 4.11 | For 4.X systems: | | * Build a kernel with | options IPFW2 | | * Remake ipfw and libalias... | cd /usr/src/sbin/ipfw | make clean | make -DIPFW2 | make -DIPFW2 install | | cd /usr/src/lib/libalias | make clean | make -DIPFW2 | make -DIPFW2 install | | Source: | http://cvs.freebsd.uwaterloo.ca/twiki/bin/view/Freebsd/StatefulFirewalling Wonderful! This works great. Thanks a heap! -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington <wash@xxxxxxxxxxxx> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Seleznick's Theory of Holistic Medicine: Ice Cream cures all ills. _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Date: click to view message preview

Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245)

Synopsis: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245) Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon Oct 30 09:10:35 UTC 2006 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=104921 _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Previous Message by Thread: click to view message preview

Re: How do I do this with IPFW2?

What about use ipfw tables? ipfw table 1 add 62.8.64.0/19 ipfw table 1 add 196.200.32.0/20 ipfw add pipe 1 tcp from me to not table'(1)' 25 Cesar ----- Original Message ----- From: "Odhiambo WASHINGTON" <odhiambo.raburu@xxxxxxxxxxxx> To: <freebsd-ipfw@xxxxxxxxxxx> Sent: Saturday, October 28, 2006 9:19 AM Subject: How do I do this with IPFW2? Here is my network definition, with two IP blocks. my_ip_blocks = "62.8.64.0/19 196.200.32.0/20" I'd like to do something like below: ipfw pipe 1 config bw 1024Kbit/s ipfw add pipe 1 tcp from me to not $my_ip_blocks 25 What I can't find is how to _correctly_ define my_ip_blocks in the rule in a way ipfw2 will accept. Thank you. -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington <wash@xxxxxxxxxxxx> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Beware of self-styled experts: an ex is a has-been, and a spurt is a drip under pressure. _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx" _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Thread: click to view message preview

Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245)

Synopsis: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245) Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon Oct 30 09:10:35 UTC 2006 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=104921 _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"