[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: blocking traffic to RFC1918 addresses
From:       "Toomas Aas" <toomas.aas () raad ! tartu ! ee>
Date:       2002-12-20 12:27:25
[Download RAW message or body]

From:          "Slawek" <sgp@telsatgp.com.pl>
Date:          Fri, 20 Dec 2002 11:00:54 +0100

> Toomas Aas wrote:
> 
> >> block in log quick on xl0 from any to 192.168.0.0/16 head 1234
> >> block in on xl0 from any to 192.168.128.1/32 group 1234
> >
> > Given my limited understanding of groups, I hesitate to ask: don't you
> > mean 'pass' in the second rule? i.e. block to 192.168.0.0/16, but allow
> > to 192.168.128.1?
> 
> No. I mean "block in but without quick".

In the meantime I had managed to try it out with 'pass' and it seemed 
to work the way I wanted. Now that I (seem to) better understand things 
I'll try replacing 'pass' with 'block' and see what happens.

Thanks for your help!

--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* Would a fly without wings be called a walk?

[prev in list] [next in list] [prev in thread] [next in thread]