Re: IPFW blocking ip ranges

From: Brett Glass <brett_at_lariat.net>
Date: Fri, 07 Jun 2024 18:32:12 UTC
IPFW has the ability to block subnets (ranges that can be matched with a
base address and bitmask), e.g. 1.184.192.0/18, with just one pattern within
a rule. Arbitrary ranges and discontiguous sets that can't be matched that
way can use:

* An "or block" (several patterns enclosed within braces and 
separated by "or");

* Multiple rules; or

* An "address set" (a subnet specification followed by a list of 
addresses within
a subnet that's /24 or smaller).

The IPFW man page gives a grammar and shows examples. Search for "addr-list"
within the page to find the right section.

--Brett

At 11:41 AM 6/7/2024, you wrote:

>Can you tell me how to block in ipfw a certain ip range in one 
>line, like 1.184.192.0 - 1.184.255.255
>Thanks.