Tun Eler wrote:
> Hi all,
> I want to have these two rules in the ipf.rules file
>
> pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state
> pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state
>
> where $oif is my interface. Executing the config file I get the following
> error
>
> ioctl(add/insert rule): File exists
>
> Which means the rule is being loaded twice. But the network addresses above
> are different!!! If I comment any of the above two lines, ipf executes fine.
> Any idea how to solve this error, and allow only these two networks above?
> Thanks in advance ...

Appending your IP with /8 ends you up with two rules that essentially look like this (AFAIK):

pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state

Perhaps you want to filter the IPs only, like:

pass in quick on $oif proto tcp from 217.83.122.17/32 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/32 to $myip port = 22 flags S keep state

Regards,
Steve
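
The masking described in the reply above, as an added example that is not part of the original thread: a small Python check that masks each rule's source address to its prefix and reports rules that become identical. It assumes, as the reply suggests, that ipf compares rules after masking off host bits; the names `normalize` and `lint` are made up for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# The two rules from the thread; $oif and $myip are left unexpanded on purpose.
RULES = """\
pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state
"""

# Source address with an optional prefix length after the "from" keyword.
FROM_RE = re.compile(r"\bfrom\s+(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?")

def normalize(rule):
    """Return (canonical_rule, had_host_bits) with the source masked to its prefix."""
    m = FROM_RE.search(rule)
    if not m:
        return " ".join(rule.split()), False
    addr, plen = m.group(1), m.group(2) or "32"
    # strict=False masks host bits instead of raising ValueError.
    net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
    had_host_bits = str(net.network_address) != addr
    canonical = rule[:m.start(1)] + str(net) + rule[m.end():]
    return " ".join(canonical.split()), had_host_bits

def lint(text):
    """Return ({canonical_rule: [line numbers]} for duplicates, [lines with host bits set])."""
    seen = defaultdict(list)
    host_bits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        canonical, dirty = normalize(line)
        seen[canonical].append(lineno)
        if dirty:
            host_bits.append(lineno)
    dupes = {rule: nums for rule, nums in seen.items() if len(nums) > 1}
    return dupes, host_bits

if __name__ == "__main__":
    dupes, host_bits = lint(RULES)
    for lineno in host_bits:
        print(f"line {lineno}: source has host bits set under its mask")
    for rule, nums in dupes.items():
        print(f"lines {nums} collapse to the same rule:\n  {rule}")
```

Beyond the duplicate, the host-bits warning matters on its own: a /8 written by mistake for /32 opens port 22 to the whole 217.0.0.0/8 block rather than to one host.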