Re: Best Way To Block Range of Addresses with ipfw2?
Drew Tomlinson wrote: I want to deny access to addresses in this range: 84.57.113.0 - 84.61.96.255 What is the best way to specify this range for ipfw2? There must be a better way than listing a whole bunch of individual networks. deny ip from 84.56.0.0/13 to any ...comes pretty close. Use finer-grained allow rule before that if you need to pass stuff in 84.56.0.0/16, for example. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best Way To Block Range of Addresses with ipfw2?
On 2/8/2006 3:11 PM Chuck Swiger wrote: Drew Tomlinson wrote: I want to deny access to addresses in this range: 84.57.113.0 - 84.61.96.255 What is the best way to specify this range for ipfw2? There must be a better way than listing a whole bunch of individual networks. deny ip from 84.56.0.0/13 to any ...comes pretty close. Use finer-grained allow rule before that if you need to pass stuff in 84.56.0.0/16, for example. Thanks. I found that too but was just wondering if there was a way to be exact. Drew -- Visit The Alchemist's Warehouse Magic Tricks, DVDs, Videos, Books, More! http://www.alchemistswarehouse.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Best Way To Block Range of Addresses with ipfw2?
In the last episode (Feb 08), Drew Tomlinson said: On 2/8/2006 3:11 PM Chuck Swiger wrote: Drew Tomlinson wrote: I want to deny access to addresses in this range: 84.57.113.0 - 84.61.96.255 What is the best way to specify this range for ipfw2? There must be a better way than listing a whole bunch of individual networks. deny ip from 84.56.0.0/13 to any ...comes pretty close. Use finer-grained allow rule before that if you need to pass stuff in 84.56.0.0/16, for example. Thanks. I found that too but was just wondering if there was a way to be exact. You could use an ipfw table to store the required subnets that cover your range; according to the manpage it's the most efficient way to store large address sets, and it also saves you from cluttering up your ruleset. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]