Using fw.address

This command manipulates address definitions that the firewall application's packet filtering rules use. Use this command to:

• Add the IP address for a machine that is located on the Internet. When you add an IP address, you name it, e.g., sales_office_boston. You can also include a descriptive comment for the address that you are defining.

• Add a range of IP addresses for machines that are located on the Internet. You only need to specify the beginning IP address and the ending IP address of the range. You name this range when you define it. You can also include a descriptive comment for the range of addresses that you are defining.

• Add a list of IP address that consists of host addresses, ranges of addresses, and other address lists.

• Delete an address by IP address or by name from the address file.

• List a particular address by name or all the address that are currently defined in the address file.

Address Management

The firewall application identifies network elements--networks, subnetworks, and individual hosts--by mapping a named address object to one or more addresses. These address objects are used in defining the firewall application's network interfaces and as a source and destination addresses for rules. An address object can represent a single computer or a whole network. You can gather address objects representing individual and network addresses together to form address groups. The firewall application lets you define address objects that specifically include or exclude other address objects (single IP hosts and ranges of contiguous IP addresses).

Individual IP Addresses

The firewall application identifies an individual host by linking its unique IP address to an address object, which can use the name or IP address of the host.

To Add an Address

1. As root, type the following to add an address, for example:

   # fw.address add myhost HOST 1.1.1.1 "An example of an added \ address named myhost"

Address Ranges

An address range is a set of numerically contiguous IP addresses. Networks and subnetworks are typically identified by an address range name. You use the beginning and ending addresses to identify an IP address range.

To Add a Range of Addresses

1. As root, type the following to add a range of addresses, for example:

   # fw.address add mynet RANGE 1.1.1.1 1.1.1.5 "An example of a \ range of address named mynet"

   The range represents all the addresses inclusive between the address 1.1.1.1 and 1.1.1.5. It is named mynet.

To Delete an Address or a Range of Addresses

1. As root, type the following to delete the range of addresses that you have named myhome, for example:

   # fw.address delete myhome

To List an Address

1. As root, type the following to list a single name of an address or a range of addresses, for example:

   # fw.address list myhome

   The address range currently defined as myhome is listed.

To List All Addresses

1. As root, type the following to list all addresses currently defined:

   # fw.address list

   All addresses currently defined are listed.