Re: verrevpath -- ipfw: unknown argument ``not''
Mark Edwards wrote:
On Nov 26, 2005, at 7:18 AM, Lowell Gilbert wrote:
Mark Edwards [EMAIL PROTECTED] writes:
I am trying to implement the verrevpath suggestion in the ipfw man
page, as follows:
The verrevpath option could be used to do automated anti-
spoofing by
adding the following to the top of a ruleset:
ipfw add deny ip from any to any not verrevpath in
However, when I try to add the rule, I get an error:
lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in
ipfw: unknown argument ``not''
Can someone tell what is causing this syntax to fail? Thanks!
Works fine for me right now on -STABLE (RELENG_6).
You didn't mention what you were running, so there's not much else we
can tell you.
Sorry, I am running 4.11, and nothing weird that I know of that would
affect ipfw operation.
I found a posting via google from someone with the same question, and
then he replied to himself that reading the man page had given him the
answer, but he didn't say what that answer was. Tried to email him,
but it bounced because my mail gateway doesn't have an SPF record so
his server rejected my mail (even though my server DOES have an SPF
record -- ugh).
IPFW can be compiled with a bunch of extra goodies under FreeBSD 4.x
-- as I remember, this includes the syntactic bits like 'not' and
probably the reverse path stuff too. To do this you need:
IPFW2=true
in /etc/make.conf and
options IPFW2
in your kernel config. Then do the whole {build,install}{kernel,world}
thing to enable that.
Under 4.x this effectively upgrades you to the same version of IPFW which
is standard in 5.x or above. The upgrade was not made the default in 4.x
because it isn't entirely backwards compatible, and for POLA reasons, the
FreeBSD project forbids changing kernel ABIs and so breaking systems on a
routine update within the same major version number.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
Re: verrevpath -- ipfw: unknown argument ``not''
Mark Edwards [EMAIL PROTECTED] writes: I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! Works fine for me right now on -STABLE (RELENG_6). You didn't mention what you were running, so there's not much else we can tell you. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: verrevpath -- ipfw: unknown argument ``not''
On Nov 26, 2005, at 7:18 AM, Lowell Gilbert wrote: Mark Edwards [EMAIL PROTECTED] writes: I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! Works fine for me right now on -STABLE (RELENG_6). You didn't mention what you were running, so there's not much else we can tell you. Sorry, I am running 4.11, and nothing weird that I know of that would affect ipfw operation. I found a posting via google from someone with the same question, and then he replied to himself that reading the man page had given him the answer, but he didn't say what that answer was. Tried to email him, but it bounced because my mail gateway doesn't have an SPF record so his server rejected my mail (even though my server DOES have an SPF record -- ugh). Thanks! -- Mark Edwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
verrevpath -- ipfw: unknown argument ``not''
I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! -- Mark Edwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
