Fwd: Re: IPFW3 problems with network lists
Matthias Play
matthias_play at gmx.net
Sun Jan 17 08:25:04 PST 2016
OK, I could use this:
my_services="192.168.1.1:445 or 192.168.1.2:445"
But is there a more convenient way to do this?
Regards
Matthias
-------- Forwarded Message --------
Subject: Re: IPFW3 problems with network lists
Date: Sun, 17 Jan 2016 17:20:57 +0100
From: Matthias Play <matthias_play at gmx.net>
To: bycn82 <bycn82 at gmail.com>
Hi Bill,
thanks for the quick response (as usual ;)).
Yeah, concerning logging I use log 1 and log 2 at the moment that
are logging traffic to ipfw1 and ipfw2 interfaces respectively.
BTW, I want to use this list feature in conjunction with a specific
destination port like this:
ipfw3 add allow ip from x or y to a or b dst-port 445 via igb1
This syntax does not work. I also tried: port 445, ports:445, 445 and
:445. Nothing is accepted by ipfw3.
What would be the line to use?
Regards
Matthias
On 17.01.16 16:33, bycn82 wrote:
> Hi Matthias,
>
> There are 2 different places compared to IPFW from FreeBSD
>
> 1. You don't need "{" and "}", you can use the below
> ipfw3 add allow log 1 all from 192.168.1.1 or 192.168.1.2 to 192.168.0.1
>
> 2. log 1 means it will duplicate the traffic to the ipfw0 interface.
> Currently it supports ipfw0 ~ ipfw9 only. I just don't want to waste too
> much memory, and most of the time 10 logging destinations are enough to use,
> I think.
>
> Regards,
> Bill Yuan
>
> On 17 January 2016 at 23:09, Matthias Play <matthias_play at gmx.net> wrote:
>
> Hi,
>
> I use a shell script to set up my ipfw3 firewall and want to define
> network lists to shorten my rule set. For that I used the approach
> described inside the example section on ipfw3 in 'man ipfw3' like
> the following:
>
> #!/bin/sh
> nets_allowed="{ 192.168.1.1 or 192.168.1.2 }"
> ipfw3 add allow log 1 ip in from ${nets_allowed} to 192.168.0.1
>
> When I run this script I get the following error:
>
> ipfw3: hostname ``{'' unknown
>
> Can you also reproduce this error?
>
> Regards
> Matthias
>
>