[CFT] new tables for ipfw
Willem Jan Withagen
wjw at digiware.nl
Thu Aug 14 16:15:50 UTC 2014
On 14-8-2014 17:20, Alexander V. Chernikov wrote:
>> I've found the notation ipnr:something rather frustrating when using
>> ipv6 addresses. Sort of like typing an ipv6 address in a browser, the
>> last :xx is always interpreted as portnumber, UNLESS you wrap it in []'s.
>> compare
>> 2001:4cb8:3:1::1
>> 2001:4cb8:3:1::1:80
>> [2001:4cb8:3:1::1]:80
>> The first and the last are the same host but a different port, the
>> middle one is just a different host.
>>
>> Could/should we do the same in ipfw?
> Well, we should, but I'm unsure if we have host:port notation anywhere
> in current (or new) syntax:
I now remember the case, sort of I think:
When using an IPv6 address the last time I ran into the snag with:
(From the ipfw(8) manual)
     ip-addr:
     ....
     addr:mask
             Matches all addresses with base addr (specified as an IP
             address, a network number, or a hostname) and the mask of
             mask, specified as a dotted quad.  As an example,
             1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match
             1.*.3.*.  This form is advised only for non-contiguous
             masks.  It is better to resort to the addr/masklen format
             for contiguous masks, which is more compact and less
Which tried to use the last quad of an IPv6 address in a very convoluted
case, which I cannot reproduce any longer.
Reading the manual, one of my problems is now clearly an RTFM:
how to use ftp-data in a rule without the complaint that data
is not a valid port-name. :)
again something learned.
--WjW
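
The bracket convention compared in this thread, as an added example that is not part of the original message and is not ipfw code: a small parser that takes a port only from `v4addr:port` or `[v6addr]:port`, and treats every group of an unbracketed IPv6 address as part of the host. The names `parse_endpoint`, `_port` and `SAMPLES` are hypothetical.

```python
import ipaddress

def _port(text):
    # Accept only a plain decimal port in 1..65535.
    if not (text.isascii() and text.isdigit()) or not 0 < int(text) <= 65535:
        raise ValueError("bad port: %r" % text)
    return int(text)

def parse_endpoint(text):
    """Split 'addr', 'v4addr:port' or '[v6addr]:port' into (address, port or None)."""
    if text.startswith("["):
        host, closing, rest = text[1:].partition("]")
        if not closing:
            raise ValueError("missing ']': %r" % text)
        addr = ipaddress.IPv6Address(host)
        if not rest:
            return addr, None
        if not rest.startswith(":"):
            raise ValueError("junk after ']': %r" % text)
        return addr, _port(rest[1:])
    if text.count(":") == 1:
        # Exactly one colon cannot be IPv6, so it is v4addr:port.
        host, port = text.split(":")
        return ipaddress.IPv4Address(host), _port(port)
    # No colon: IPv4. Two or more: unbracketed IPv6, where every group
    # belongs to the address and nothing is taken as a port.
    return ipaddress.ip_address(text), None

# The three spellings compared in the thread.
SAMPLES = ["2001:4cb8:3:1::1", "2001:4cb8:3:1::1:80", "[2001:4cb8:3:1::1]:80"]

if __name__ == "__main__":
    for s in SAMPLES:
        addr, port = parse_endpoint(s)
        print("%-24s host=%s port=%s" % (s, addr.exploded, port))
```

An ipfw-style `addr:mask` token such as `1.2.3.4:255.0.255.0` is rejected by this parser with a `ValueError`, because the part after the single colon is not a port number.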