Re: IP FILTER and network address
- From: Steve Bertrand <iaccounts@xxxxxxxxxx>
- Date: Wed, 02 May 2007 16:38:25 -0400
Tun Eler wrote:
> Hi all,
> I want to have these two rules in the ipf.rules file
>
> pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state
> pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state
>
> where $oif is my interface. Executing the config file I get the following error
>
> ioctl(add/insert rule): File exists
>
> Which means the rule is being loaded twice. But the network addresses above are
> different!!! If I comment any of the above two lines, ipf executes fine.
> Any idea how to solve this error, and allow only these two networks above?
> Thanks in advance ...

Appending your IP with /8 ends you up with two rules that essentially
look like this (AFAIK):

pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.0.0.0/8 to $myip port = 22 flags S keep state

Perhaps you want to filter the IPs only, like:

pass in quick on $oif proto tcp from 217.83.122.17/32 to $myip port = 22 flags S keep state
pass in quick on $oif proto tcp from 217.83.89.61/32 to $myip port = 22 flags S keep state

Regards,
Steve
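
Added example, not part of the original messages: a pre-load check that clears the host bits of every address/prefix in a rule, as the reply describes, and reports rules that become identical. The function names and the sample lists are assumptions made for illustration, and the masking behaviour is taken from the reply's explanation.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the two rules from the question, then the /32 form.
RULES_SLASH8 = [
    "pass in quick on $oif proto tcp from 217.83.122.17/8 to $myip port = 22 flags S keep state",
    "pass in quick on $oif proto tcp from 217.83.89.61/8 to $myip port = 22 flags S keep state",
]
RULES_SLASH32 = [r.replace("/8 ", "/32 ") for r in RULES_SLASH8]

# Dotted-quad IPv4 address followed by a prefix length.
_ADDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\b")


def normalize(rule):
    """Return the rule with whitespace collapsed and host bits cleared."""
    def mask(match):
        # strict=False accepts host bits and drops them: 217.83.122.17/8 -> 217.0.0.0/8
        return str(ipaddress.ip_network(match.group(0), strict=False))
    return _ADDR.sub(mask, " ".join(rule.split()))


def find_collisions(rules):
    """Map each normalized rule seen more than once to its 1-based line numbers."""
    seen = defaultdict(list)
    for lineno, rule in enumerate(rules, 1):
        seen[normalize(rule)].append(lineno)
    return {norm: lines for norm, lines in seen.items() if len(lines) > 1}


if __name__ == "__main__":
    for label, rules in (("/8", RULES_SLASH8), ("/32", RULES_SLASH32)):
        hits = find_collisions(rules)
        if not hits:
            print(f"{label}: no duplicate rules after masking")
        for norm, lines in hits.items():
            print(f"{label}: lines {lines} collapse to: {norm}")
```
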