Hello!
On Wed, 12 Jul 2006, Brian Candler wrote:
> Firstly, "from any XXX" is giving two different 'from' items. I guess you
> meant "from not { 10.20.0.0/16 or 10.30.0.0/16 }". But that doesn't work
> either:
>
>     # ipfw add 00100 count ip from not { 10.20.0.0/16 or 10.30.0.0/16 } to any via fxp0 in
>     ipfw: hostname ``{'' unknown
>
> ...
>
> The obvious boolean transformation doesn't work, since "and" is not allowed
> either: i.e.
>
>     # ipfw add 00100 count ip from { not 10.20.0.0/16 and not 10.30.0.0/16 } to any via fxp0 in
>     ipfw: missing ")"

Correct, there is no 'and' keyword in ipfw syntax, since it's redundant: a simple ',' in address list means 'and'. So this can be written as:

    ipfw add 100 count ip from not 10.20.0.0/16,10.30.0.0/16 to any via fxp0 in

since 'not' in the src and dst definitions refers to the whole list:

    addr: [not] {any | me | me6 table(number[,value]) | addr-list | addr-set}

(an '|' is missing between 'me6' and 'table...' here, isn't it?)

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE
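
The rule form given in the reply above can be checked offline before it is loaded into a firewall. The following is an added example, not part of the original message and not ipfw code: a small Python model of `[not] addr-list` matching, where the function names and the sample addresses are constructed for illustration and only plain addresses and CIDR networks are handled.

```python
import ipaddress

def parse_addr_spec(spec):
    """Parse a simplified ipfw address spec: '[not] net[,net...]'.

    Returns (negated, networks). 'any', 'me', tables and addr-sets are
    outside the scope of this model.
    """
    tokens = spec.split()
    negated = bool(tokens) and tokens[0] == "not"
    if negated:
        tokens = tokens[1:]
    if len(tokens) != 1:
        # An address list is a single comma-separated token, no spaces.
        raise ValueError("expected '[not] addr[,addr...]': %r" % spec)
    nets = [ipaddress.ip_network(item, strict=False)
            for item in tokens[0].split(",")]
    return negated, nets

def spec_matches(spec, address):
    """True if the address satisfies the spec.

    The list matches when any entry matches; a leading 'not' inverts
    the result for the whole list, not just for its first entry.
    """
    negated, nets = parse_addr_spec(spec)
    ip = ipaddress.ip_address(address)
    in_list = any(ip in net for net in nets)
    return in_list != negated

def not_a_and_not_b(networks, address):
    """The expanded boolean form from the quoted question:
    'not A and not B', which ipfw has no keyword for."""
    ip = ipaddress.ip_address(address)
    return all(ip not in ipaddress.ip_network(n) for n in networks)

SPEC = "not 10.20.0.0/16,10.30.0.0/16"
NETWORKS = ["10.20.0.0/16", "10.30.0.0/16"]
# Constructed sample source addresses.
SAMPLES = ["10.20.5.9", "10.30.255.1", "10.21.0.1", "192.0.2.7"]

def evaluate_samples():
    """Map each sample address to whether the rule would count it."""
    return {addr: spec_matches(SPEC, addr) for addr in SAMPLES}

if __name__ == "__main__":
    for addr, counted in evaluate_samples().items():
        print("%-12s %s" % (addr, "counted" if counted else "skipped"))
```
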