OK, I could use this:
my_services="192.168.1.1:445 or 192.168.1.2:445"
But is there a more convenient way to do this?
Regards
Matthias
-------- Forwarded Message --------
Subject: Re: IPFW3 problems with network lists
Date: Sun, 17 Jan 2016 17:20:57 +0100
From: Matthias Play <[email protected]>
To: bycn82 <[email protected]>
Hi Bill,
thanks for the quick response (as usual ;)).
Yeah, concerning logging, I use log 1 and log 2 at the moment, which log
traffic to the ipfw1 and ipfw2 interfaces respectively.
BTW, I want to use this list feature in conjunction with a specific
destination port like this:
ipfw3 add allow ip from x or y to a or b dst-port 445 via igb1
This syntax does not work. I also tried: port 445, ports:445, 445 and
:445. Nothing is accepted by ipfw3.
What would be the line to use?
Regards
Matthias
On 17.01.16 16:33, bycn82 wrote:
Hi Matthias,
There are 2 differences compared to IPFW from FreeBSD:
1. You don't need "{" and "}"; you can use the below:
ipfw3 add allow log 1 all *from 192.168.1.1 or 192.168.1.2* to 192.168.0.1
2. log 1 means it will duplicate the traffic to the ipfw0 interface.
Currently it supports ipfw0 ~ ipfw9 only. Just don't want to waste too
much memory, and most of the time 10 logging destinations are enough to use,
I think.
Regards,
Bill Yuan
On 17 January 2016 at 23:09, Matthias Play <[email protected]> wrote:
Hi,
I use a shell script to set up my ipfw3 firewall and want to define
network lists to shorten my rule set. For that I used the approach
described in the examples section on ipfw3 in 'man ipfw3', like
the following:
#!/bin/sh
nets_allowed="{ 192.168.1.1 or 192.168.1.2 }"
ipfw3 add allow log 1 ip in from ${nets_allowed} to 192.168.0.1
When I run this script I get the following error:
ipfw3: hostname ``{'' unknown
Can you also reproduce this error?
Regards
Matthias