Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'ipfw doesn't do ip ranges?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
ipfw doesn't do ip ranges?
Authored by: Graff on Mar 09, '02 12:07:00PM

I believe you need to do a netmask for that. If you want to use all addresses starting with 172.211 then you need to put the ip address in this form:
172.211.0.0/16
That will give you all ip numbers in the range 172.211.0.1 to 172.211.255.254. So your example would look like this:
allow tcp from 172.211.0.0/16 to any via 22 in via en0
I'm a bit new at this so I may have gotten it a little mixed up, but I'm fairly certain this works just fine There's a decent guide on all of this at this site.



[ Reply to This | # ]
ipfw doesn't do ip ranges?
Authored by: Graff on Mar 09, '02 12:20:33PM

Heh, actually now I'm not sure if that will work. Use this instead, this should work just fine:

172.211.0.0:255.255.0.0

That will give you all ip numbers in the range 172.211.0.1 to 172.211.255.254. So your example would look like this:

allow tcp from 172.211.0.0:255.255.0.0 to any via 22 in via en0

I'm still fuzzy on the differences between 172.211.0.0:255.255.0.0 and 172.211.0.0/16, but the examples I've seen in setting up firewalls seem to use the x.x.x.x:x.x.x.x format. I would stick with that unless someone else steps in and clarifies it better.



[ Reply to This | # ]