Ilya A. Kovalenko wrote:
Good time of day,
I want to define a table that includes all Internet IP
addresses (i.e. all except fake ones).
An excludes-only table does not work.
table <nInet> {!192.168.0.0/16 !172.16.0.0/12 !10.0.0.0/8}
How can I add all IP addresses to the table?
"any" causes an error
"0/0" does not work (as said in the FAQ)
Actually, this is a bug that turns out to be very easy to fix.
Apply the following diff by hand (with "vi", not "patch").
Then 0/0 should work. That should also fix some IPv6
badness...
Cedric
lapbsd# svn diff pf_table.c
Index: pf_table.c
===================================================================
--- pf_table.c (revision 167)
+++ pf_table.c (working copy)
@@ -880,14 +880,14 @@
if (af == AF_INET) {
sa->sin.sin_len = sizeof(sa->sin);
sa->sin.sin_family = AF_INET;
- sa->sin.sin_addr.s_addr = htonl(-1 << (32-net));
+ sa->sin.sin_addr.s_addr = net ? htonl(-1 << (32-net)) : 0;
} else {
sa->sin6.sin6_len = sizeof(sa->sin6);
sa->sin6.sin6_family = AF_INET6;
for (i = 0; i < 4; i++) {
if (net <= 32) {
sa->sin6.sin6_addr.s6_addr32[i] =
- htonl(-1 << (32-net));
+ net ? htonl(-1 << (32-net)) : 0;
break;
}
sa->sin6.sin6_addr.s6_addr32[i] = 0xFFFFFFFF;
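Review bot: Both replacement lines still compute -1 << (32-net), a left shift of a negative signed int, which is undefined behaviour in C; the new "net ? ... : 0" guard only removes the shift-by-32 case for net == 0. Building the mask from an unsigned constant, for example htonl(0xFFFFFFFFU << (32-net)), keeps the guard and makes the shift well defined for net in 1..32. Since the same guarded expression now appears in both the AF_INET and AF_INET6 branches, a one-line comment saying why net == 0 is special-cased (the shift count would equal the type width) would stop a later cleanup from removing it and silently breaking 0/0 table entries again.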