ipfw IP ranges
Darek Milewski
darek at nyi.net
Wed Mar 9 08:16:39 PST 2005
Hi there,
Trying to specify IP ranges in ipfw. The man page is pretty brief in
this respect, but I understand that I should be able to specify
    allow tcp from any to 1.2.3.0/25{14-24} 3389
which should apply the rule to IP block of 1.2.3.14 through 1.2.3.24.
However, I was just closing down 1.2.3.127 and noticed that a port that
was closed was accessible. Turns out the rule above was matching
traffic going to 1.2.3.127:3389.
When running 'ipfw show' the allow from above is listed as
    allow tcp from any to 1.2.3.0/25 3389
So it looks like my original syntax enabled the rule for the whole /25
subnet. Am I doing this wrong? If so, how can I specify ranges
explicitly, meaning not using smaller subnets. IE: 1.2.3.14-27 instead
of 1.2.3.14/28, which would not be very precise of a match. Perhaps I
should be using /24 instead of /25?
Thanks!
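
An added example, not part of the original post: a small Python check that compares the address set a rule was written for with the rule as `ipfw show` lists it, reports the addresses the listed rule matches beyond the intended ones, and prints the CIDR blocks that cover exactly .14 through .24. The function names are hypothetical, and the brace semantics (a list of last-byte values or lo-hi ranges) are an assumption taken from the ipfw(8) description of address sets.

```python
import ipaddress
import re


def parse_addr_set(spec):
    """Expand 'a.b.c.d/len' or 'a.b.c.d/len{list}' into a set of addresses.

    Assumption: the braces hold comma-separated last-byte values or lo-hi
    ranges, as ipfw(8) describes for address sets.
    """
    m = re.fullmatch(r"([\d.]+)/(\d+)(?:\{([\d,\- ]+)\})?", spec)
    if not m:
        raise ValueError(f"unrecognised address spec: {spec!r}")
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    if m.group(3) is None:
        return set(net)  # every address in the block, .0 and the top one included
    base = int(net.network_address) & ~0xFF  # clear the last byte
    wanted = set()
    for item in m.group(3).split(","):
        lo, _, hi = item.strip().partition("-")
        for last in range(int(lo), int(hi or lo) + 1):
            wanted.add(ipaddress.ip_address(base + last))
    return wanted


def over_permitted(intended_spec, listed_spec):
    """Addresses the listed rule matches that the intended spec did not ask for."""
    return sorted(parse_addr_set(listed_spec) - parse_addr_set(intended_spec))


def exact_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]


if __name__ == "__main__":
    # Rule as typed in the post vs. the rule as 'ipfw show' listed it.
    extra = over_permitted("1.2.3.0/25{14-24}", "1.2.3.0/25")
    print(len(extra), "unintended addresses, highest:", extra[-1])
    print(",".join(exact_cidrs("1.2.3.14", "1.2.3.24")))
```

Running the same comparison against each rule in `ipfw show` output after loading a ruleset catches a range that was silently widened before it exposes a host.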
More information about the freebsd-questions
mailing list