IPFW has the ability to block subnets (ranges that can be matched with
a
base address and bitmask), e.g.
1.184.192.0/18, with just one pattern
within
a rule. Arbitrary ranges and discontiguous sets that can't be matched
that
way can use:
* An "or block" (several patterns enclosed within braces and
separated by "or");
* Multiple rules; or
* An "address set" (a subnet specification followed by a list
of addresses within
a subnet that's /24 or smaller).
The IPFW man page gives a grammar and shows examples. Search for
"addr-list"
within the page to find the right section.
--Brett