|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On Oct 20, 2007, at 1:39 PM, Steve Elman wrote:
On Oct 20, 2007, at 12:37 PM, Steve Elman wrote:
I currently have my internal firewall running and I have my ipfw.config set up and currently blocking multiple known spamming ip address like this:
add deny log tcp from 220.127.116.11/8 to any dst-port 25 in
In reading the server docs and the man pages it is not clear to me how to block a range of ip's such as 18.104.22.168 - 22.214.171.124
You just provided an example of how to block a range above.
add deny log tcp from 126.96.36.199 - 188.8.131.52 to any dst-port 25 in
add deny log tcp from 184.108.40.206-220.127.116.11 to any dst-port 25 in
Does not seem to work.
Correct, because neither one of those follows the example of using a range you yourself already provided. Re-read the example of a range you provided above. See how you specified a range for 18.104.22.168 to 22.214.171.124? That used a CIDR block. Additionally you can use a netmask. See the docs.
OK I got this now. Thanks. Just a little more calculating...
Note, that since the above range you're trying to deny isn't expressible using a single netmask. That leads me to question if indeed that's really the range you wanted since you're not describing a network anyway. If indeed it is the range you wanted, break it down into two (or more) CIDR blocks according to the networks you're trying to represent.
Additionally how does one block a range and then allow an ip within the blocked range? If possible?
ipfw uses "first match wins". ALLOW before your DENY.
Ah OK sorry I missed that.
Pointing me to the correct documentation or a link to an article would be great but I can't seem to find on on this subject.
Google is your friend. Seriously, didn't you try to Google for "ipfw"??? Worked for me. ipfw is from of FreeBSD.
Yes I did Google, I guess I posed my question wrong. Thanks!
Did you not find the documentation for ipfw along with howto's when you googled for "ipfw"? Seems to hit it for me.
(Though it is unfortunate that Purdue seems to have a Fort Wayne campus...)
Significance? I am a little slow....
Thanks again. y Steve Steve Elman http://www.TheMacMan.Net http://www.GoOnlineAspen.Com _______________________________________________ Do not post admin requests to the list. They will be ignored. Macos-x-server mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
Visit the Apple Store online or at retail locations.
Copyright © 2011 Apple Inc. All rights reserved.