I have IPFilter v4.1.29 running under NetBSD 5.1 (release). From looking at ipf_y.y, I _think_ ipf.conf supports address lists, e.g...
block in quick on fxp0 from any to ( .../22, .../24 ) port = ... As ipf.conf is read/processed, this would presumably be treated as... block in quick on fxp0 from any to .../22 port = ... block in quick on fxp0 from any to .../24 port = ... I have searched the FAQ, the mailing list archive at marc.info and the man pages, but I can't find anything that documents this (aside from the source, if I'm parsing it correctly). Is the above synopsis essentially correct, or are pools the only way to implement this functionality? I'd like to avoid pools, if necessary, since I only have a couple address ranges to worry about (actually as cited in the exmaple), and the booting process for NetBSD does not yet properly support loading pools at boot time. (I hope this will be corrected in a future NetBSD release.) Thanks, Mike
