Re: ipfw.config - how to block ip ranges

Subject: Re: ipfw.config - how to block ip ranges
From: david <email@hidden>
Date: Sun, 21 Oct 2007 23:26:59 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:mime-version:in-reply-to:references:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-mailer; bh=ZTW9HVV3IN8YV3Eixup3YtHB1jvFiaTCWzSwIv7+Y9k=; b=qyqHPsmelgS4GvzwNqACYqbNLTAsIC4TpwmdgVFXAPvQLzkw/lwJD34e49yrmzUCGgFUkAngJtANTF8CbEjLwW0JHcgr0SOY5/GFwwpvFJCLqAxOJO5hFuzkV+IMdIMcmItyBudB2IelSUBLLVkwh3kQSmqQy/nI5kMT4dj1hEc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:mime-version:in-reply-to:references:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-mailer; b=tIcYFXfxHkCM3jqrs29ROxCznJi3FNjSh5byY2OqR6wJK3burVzCPJyatBoyqmv0AxSi4ICCCXy22FrNYOa7otphiqtqZh297VuIesIeb4s5PWp9ZEWnAxKxSz3ebisOlAySMBsOXpIZPVVzya67P4mv37DXjX3F6ZteE2NwsJg=


On Oct 21, 2007, at 2:08 PM, Cameron Knowlton wrote:

when trying:
add deny log tcp from 75.119.0.0 - 75.119.95.255 to any dst-port 25 in
or
add deny log tcp from 75.119.0.0-75.119.95.255 to any dst-port 25 in
Does not seem to work.
Correct, because neither one of those follows the example of using a range you yourself already provided. Re-read the example of a range you provided above. See how you specified a range for 83.0.0.0 to 82.255.255.255? That used a CIDR block. Additionally you can use a netmask. See the docs.

Note, that since the above range you're trying to deny isn't expressible using a single netmask. That leads me to question if indeed that's really the range you wanted since you're not describing a network anyway. If indeed it is the range you wanted, break it down into two (or more) CIDR blocks according to the networks you're trying to represent.
Good call, Dan.
Steve at al, here's a handy little CIDR calculator, I've used this a lot for configuring Postfix blocks:
http://www.dnsstuff.com/tools/cidr.ch
hope this helps.

Or use whatmask locally (google "whatmask" and you'll find an online tool as well) http://www.laffeycomputer.com/whatmask.html _______________________________________________ Do not post admin requests to the list. They will be ignored. Macos-x-server mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden Follow-Ups: Re: ipfw.config - how to block ip ranges *SOLVED* From: Steve Elman <email@hidden> References: >ipfw.config - how to block ip ranges (From: Steve Elman <email@hidden>) >Re: ipfw.config - how to block ip ranges (From: Dan Shoop <email@hidden>) >Re: ipfw.config - how to block ip ranges (From: Steve Elman <email@hidden>) >Re: ipfw.config - how to block ip ranges (From: Dan Shoop <email@hidden>) >Re: ipfw.config - how to block ip ranges (From: Cameron Knowlton <email@hidden>) Prev by Date: Re: SIPS via web or other method Next by Date: Re: Leopard Migration Guide Previous by thread: Re: ipfw.config - how to block ip ranges Next by thread: Re: ipfw.config - how to block ip ranges *SOLVED* Index(es): Date Thread Home Archives Terms/Conditions Contact RSS Lists About Visit the Apple Store online or at retail locations. 1-800-MY-APPLE Contact Apple | Terms of Use | Privacy Policy Copyright © 2011 Apple Inc. All rights reserved.

References:
	>ipfw.config - how to block ip ranges (From: Steve Elman <email@hidden>)
	>Re: ipfw.config - how to block ip ranges (From: Dan Shoop <email@hidden>)
	>Re: ipfw.config - how to block ip ranges (From: Steve Elman <email@hidden>)
	>Re: ipfw.config - how to block ip ranges (From: Dan Shoop <email@hidden>)
	>Re: ipfw.config - how to block ip ranges (From: Cameron Knowlton <email@hidden>)