Hi all -
I'm trying to play around with setting up an IPFW that limits connections to only IP ranges in my organization's domain. I'm used to using a default firewall_enable="YES" and firewall_type="workstation" in /etc/rc.conf, and haven't found anything explicit in the ipfw(8) man page. But! that's probably because I don't know exactly what to look for: I'm generally weak with network-related topics.

I would like to only allow connections from IP addresses, using 1.23.0.0 as an example starting range, as follows:
Bash:
#!/bin/sh
ipfw -q -f flush
lo="lo0"
iif="bge0"
cmd="ipfw -q add"
ks="keep-state"
# possible?
$cmd 00300 allow all from 1.23.0.0-1.23.215.254 to any in via $iif
# more likely?
$cmd 00300 allow all from 1.23.0.0/17 to any in via $iif
$cmd 00301 allow all from 1.23.128.0/18 to any in via $iif
$cmd 00302 allow all from 1.23.192.0/20 to any in via $iif
# etc
# some kind of final expression to block all external traffic
$cmd 00999 deny all from any to any
Is there a shorthand syntax for expressing a range instead of using the CIDR notation?
Thanks in advance for your thoughts.
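
If the range does have to be written as CIDR blocks, the split can be computed rather than worked out by hand. The following is an added example, not part of the original post: it uses Python's standard `ipaddress` module to break the post's example range into the minimal set of blocks and prints one rule per block in the same form as the script above. The function names, the starting rule number 300 and the `bge0` default are assumptions taken from or modelled on the post.

```python
import ipaddress


def range_to_cidrs(spec):
    """Split an inclusive 'first-last' IPv4 range into minimal CIDR blocks."""
    first_s, sep, last_s = spec.partition("-")
    if not sep:
        raise ValueError(f"expected 'first-last', got {spec!r}")
    first = ipaddress.IPv4Address(first_s.strip())
    last = ipaddress.IPv4Address(last_s.strip())
    if last < first:
        raise ValueError("range end is below range start")
    blocks = list(ipaddress.summarize_address_range(first, last))
    # Guard against over-permitting: the blocks must cover exactly the
    # requested addresses, no more and no fewer.
    covered = sum(b.num_addresses for b in blocks)
    if covered != int(last) - int(first) + 1:
        raise RuntimeError("CIDR blocks do not match the requested range")
    return blocks


def ipfw_rules(spec, first_rule=300, iface="bge0"):
    """Render one allow rule per CIDR block, numbered from first_rule."""
    return [
        f"ipfw -q add {first_rule + n:05d} allow all "
        f"from {block} to any in via {iface}"
        for n, block in enumerate(range_to_cidrs(spec))
    ]


if __name__ == "__main__":
    # Example range from the post.
    for rule in ipfw_rules("1.23.0.0-1.23.215.254"):
        print(rule)
```

Because the range ends on .254 rather than on a block boundary, the tail splits into progressively smaller blocks down to a single /32; the generated rule numbers stay below the final deny rule at 00999.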