IPFW3 problems with network lists

bycn82 bycn82 at gmail.com
Sun Jan 17 07:33:14 PST 2016


Hi Matthias,

There are 2 differences compared to IPFW from FreeBSD:

1. You don't need "{" and "}"; you can use the below:
ipfw3 add allow log 1 all from 192.168.1.1 or 192.168.1.2 to 192.168.0.1

2. log 1 means it will duplicate the traffic to the ipfw0 interface. Currently
it supports ipfw0 ~ ipfw9 only. I just don't want to waste too much memory, and
most of the time 10 logging destinations are enough to use, I think.

Regards,
Bill Yuan

On 17 January 2016 at 23:09, Matthias Play <matthias_play at gmx.net> wrote:

> Hi,
>
> I use a shell script to set up my ipfw3 firewall and want to define network
> lists to shorten my rule set. For that I used the approach described inside
> the example section on ipfw3 in 'man ipfw3', like the following:
>
>         #!/bin/sh
>         nets_allowed="{ 192.168.1.1 or 192.168.1.2 }"
>         ipfw3 add allow log 1 ip in from ${nets_allowed} to 192.168.0.1
>
> When I run this script I get the following error:
>
>         ipfw3: hostname ``{'' unknown
>
> Can you also reproduce this error?
>
> Regards
> Matthias
>