Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
Re: ipfw.config - how to block ip ranges
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipfw.config - how to block ip ranges



On Oct 20, 2007, at 12:37 PM, Steve Elman wrote:

Hello,

I currently have my internal firewall running and I have my ipfw.config set up and currently blocking multiple known spamming ip address like this:

add deny log tcp from 83.0.0.0/8 to any dst-port 25 in

In reading the server docs and the man pages it is not clear to me how to block a range of ip's such as 75.119.0.0 - 75.119.95.255

You just provided an example of how to block a range above.

when trying:

add deny log tcp from 75.119.0.0 - 75.119.95.255 to any dst-port 25 in

or

add deny log tcp from 75.119.0.0-75.119.95.255 to any dst-port 25 in

Does not seem to work.

Additionally how does one block a range and then allow an ip within the blocked range? If possible?

ipfw uses "first match wins". ALLOW before your DENY.

Ah OK sorry I missed that.

Pointing me to the correct documentation or a link to an article would be great but I can't seem to find on on this subject.

Google is your friend. Seriously, didn't you try to Google for "ipfw"??? Worked for me. ipfw is from of FreeBSD.

Yes I did Google, I guess I posed my question wrong. Thanks!

y
Steve
                 Steve Elman
       http://www.TheMacMan.Net
    http://www.GoOnlineAspen.Com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


References: 
 >ipfw.config - how to block ip ranges (From: Steve Elman <email@hidden>)
 >Re: ipfw.config - how to block ip ranges (From: Dan Shoop <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.