On 14-8-2014 17:20, Alexander V. Chernikov wrote: >> I've found the notation ipnr:something rather frustrating when using >> ipv6 addresses. Sort of like typing a ipv6 address in a browser, the >> last :xx is always interpreted as portnumber, UNLESS you wrap it in []'s. >> compare >> 2001:4cb8:3:1::1 >> 2001:4cb8:3:1::1:80 >> [2001:4cb8:3:1::1]:80 >> The first and the last are the same host but a different port, the >> middle one is just a different host. >> >> Could/should we do the same in ipfw? > Well, we should, but I'm unsure if we have host:port notation anywhere > in current (or new) syntax:
I now remember the case, sort of I think: When using an IPv6 address the last time I ran into the snag with: (From the ipfw(8) manual) ip-addr: .... addr:mask Matches all addresses with base addr (specified as an IP address, a network number, or a hostname) and the mask of mask, specified as a dotted quad. As an example, 1.2.3.4:255.0.255.0 or 1.0.3.0:255.0.255.0 will match 1.*.3.*. This form is advised only for non-contiguous masks. It is better to resort to the addr/masklen format for contiguous masks, which is more compact and less Which tried to use the last quad of an IPv6 adress in a very convoluted case, which I cannot reproduce any longer. Reading the manual, one of my problems is now clearly a RTFM: how to use ftp-data in a rule without the complaint that data is not a valid port-name. :) again something learned. --WjW _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"