diff options
author | luigi <luigi@FreeBSD.org> | 2002-08-21 05:57:41 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2002-08-21 05:57:41 +0000 |
commit | e149c638d400638932b76cf340bc205023f2e5b7 (patch) | |
tree | f45e61c3a322a163b611fa234cfeeb0785027f97 /sbin/ipfw | |
parent | 1696ab648fc898846013faf1b1127eb3714a9101 (diff) | |
download | FreeBSD-src-e149c638d400638932b76cf340bc205023f2e5b7.zip FreeBSD-src-e149c638d400638932b76cf340bc205023f2e5b7.tar.gz |
Whoops, the manpage lied... ipfw2 has always accepted addr:mask
specifications.
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 0a37318..62b66ed 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -771,6 +771,20 @@ This format is particularly useful to handle sparse address sets within a single rule. Because the matching occurs using a bitmask, it takes constant time and dramatically reduces the complexity of rulesets. +.It Ar addr Ns : Ns Ar mask +Matches all addresses with base +.Ar addr +(specified as a dotted quad or a hostname) +and the mask of +.Ar mask , +specified as a dotted quad. +As an example, 1.2.3.4/255.0.255.0 will match +1.*.3.*. +We suggest to use this form only for non-contiguous +masks, and resort to the +.Ar addr Ns / Ns Ar masklen +format for contiguous masks, which is more compact and less +error-prone. .El .It Ar ports : Oo Cm not Oc Bro Ar port | port Ns \&- Ns Ar port Ns Brc Op , Ns Ar ... For protocols which support port numbers (such as TCP and UDP), optional @@ -1646,17 +1660,6 @@ does not supports address sets (those in the form .Ar addr/masklen{num,num,...} ). .Pp -A minor difference between -.Nm ipfw1 -and -.Nm ipfw2 -is that the former allows addresses to be specified as -.Ar ipno:mask -where the mask can be an arbitrary bitmask instead of -a countiguous set of bits. -.Nm ipfw2 -no longer supports this syntax though it would be trivial -to reintroduce it as it is supported on the kernel side. .It Port specifications .Nm ipfw1 only allows one port range when specifying TCP and UDP ports, and |