Re: verrevpath -- ipfw: unknown argument ``not''
Mark Edwards wrote: On Nov 26, 2005, at 7:18 AM, Lowell Gilbert wrote: Mark Edwards [EMAIL PROTECTED] writes: I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! Works fine for me right now on -STABLE (RELENG_6). You didn't mention what you were running, so there's not much else we can tell you. Sorry, I am running 4.11, and nothing weird that I know of that would affect ipfw operation. I found a posting via google from someone with the same question, and then he replied to himself that reading the man page had given him the answer, but he didn't say what that answer was. Tried to email him, but it bounced because my mail gateway doesn't have an SPF record so his server rejected my mail (even though my server DOES have an SPF record -- ugh). IPFW can be compiled with a bunch of extra goodies under FreeBSD 4.x -- as I remember, this includes the syntactic bits like 'not' and probably the reverse path stuff too. To do this you need: IPFW2=true in /etc/make.conf and options IPFW2 in your kernel config. Then do the whole {build,install}{kernel,world} thing to enable that. Under 4.x this effectively upgrades you to the same version of IPFW which is standard in 5.x or above. The upgrade was not made the default in 4.x because it isn't entirely backwards compatible, and for POLA reasons, the FreeBSD project forbids changing kernel ABIs and so breaking systems on a routine update within the same major version number. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: verrevpath -- ipfw: unknown argument ``not''
Mark Edwards [EMAIL PROTECTED] writes: I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! Works fine for me right now on -STABLE (RELENG_6). You didn't mention what you were running, so there's not much else we can tell you. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: verrevpath -- ipfw: unknown argument ``not''
On Nov 26, 2005, at 7:18 AM, Lowell Gilbert wrote: Mark Edwards [EMAIL PROTECTED] writes: I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! Works fine for me right now on -STABLE (RELENG_6). You didn't mention what you were running, so there's not much else we can tell you. Sorry, I am running 4.11, and nothing weird that I know of that would affect ipfw operation. I found a posting via google from someone with the same question, and then he replied to himself that reading the man page had given him the answer, but he didn't say what that answer was. Tried to email him, but it bounced because my mail gateway doesn't have an SPF record so his server rejected my mail (even though my server DOES have an SPF record -- ugh). Thanks! -- Mark Edwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
verrevpath -- ipfw: unknown argument ``not''
I am trying to implement the verrevpath suggestion in the ipfw man page, as follows: The verrevpath option could be used to do automated anti- spoofing by adding the following to the top of a ruleset: ipfw add deny ip from any to any not verrevpath in However, when I try to add the rule, I get an error: lilbuddy:~ paimin$ ipfw add deny ip from any to any not verrevpath in ipfw: unknown argument ``not'' Can someone tell what is causing this syntax to fail? Thanks! -- Mark Edwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]