[afnog] ipfw question
Brian Candler
B.Candler at pobox.com
Thu Nov 9 13:30:13 UTC 2006

On Thu, Nov 09, 2006 at 05:19:03AM -0800, Tumi Mogale wrote:
> 2 - i want all traffic from 10.0.2.0/24 to be denied
> access to 10.0.3.0/24 but be allowed access to
> 10.0.1.0/24 (the net)
>
> here is the rule i thought would work for case 2:
>
> ipfw add 00xx allow all from 10.0.2.0/24 to any not
> 10.0.3.0/24
>
> (or is this a bad use of the "not" syntax?)

Did it give you an error when you tried to load it?

I don't think the destination can be "any" and "not 10.0.3.0/24" at the same
time. But I think you can do

    allow all from 10.0.2.0/24 to not 10.0.3.0/24

Read 'man ipfw' carefully.

Regards,

Brian.
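
Added example, not part of the original message: a simplified first-match model of an ipfw ruleset, comparing the single "to not 10.0.3.0/24" rule from the reply with an explicit deny-then-allow pair. The rule numbers 1000/1100, the host addresses and the `decide` helper are assumptions made for illustration; only source and destination addresses are modelled.

```python
import ipaddress

ANY = "0.0.0.0/0"

def rule(number, action, src, dst, negate_dst=False):
    """Build one rule: (number, action, src net, dst net, dst negated?)."""
    return (number, action, ipaddress.ip_network(src),
            ipaddress.ip_network(dst), negate_dst)

# Form suggested in the reply: one allow rule with a negated destination.
SINGLE_RULE = [rule(1000, "allow", "10.0.2.0/24", "10.0.3.0/24", negate_dst=True)]

# Explicit form (assumed alternative): deny the pair first, then allow the rest.
DENY_THEN_ALLOW = [
    rule(1000, "deny", "10.0.2.0/24", "10.0.3.0/24"),
    rule(1100, "allow", "10.0.2.0/24", ANY),
]

def decide(rules, src, dst, default="deny"):
    """Return (action, rule_number) of the first rule that matches.

    `default` stands in for the final rule 65535, which is deny unless
    the kernel was built to default to accept.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, action, src_net, dst_net, negate_dst in sorted(
            rules, key=lambda r: r[0]):
        # "not" inverts the destination test only.
        dst_match = (d in dst_net) != negate_dst
        if s in src_net and dst_match:
            return action, number
    return default, 65535

if __name__ == "__main__":
    # Constructed sample hosts: 10.0.2.5 talking to each of the other nets.
    for dst in ("10.0.3.7", "10.0.1.7"):
        for name, rules in (("single", SINGLE_RULE), ("pair", DENY_THEN_ALLOW)):
            for default in ("deny", "allow"):
                print(dst, name, "default=" + default,
                      decide(rules, "10.0.2.5", dst, default))
```

The negated rule only declines to match traffic to 10.0.3.0/24; whether that traffic is dropped depends on a later rule or the default rule, whereas the explicit deny blocks it in either case.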