From owner-freebsd-questions Tue May 7 13:47:16 2002
Delivered-To: freebsd-questions@freebsd.org
Date: Tue, 7 May 2002 16:48:44 -0400
From: parv
To: f-q
Subject: ipf - "log" problem when port is specified (after mar. 16 2002 source)
Message-ID: <20020507204844.GA43365@moo.holy.cow>

After upgrading to FreeBSD -stable (May 2 2002) and ipf source dating Apr. 27 2002, with the following ipf rule...

    log body in on tun0 from any to any port < 1025 group 200

...I get the error message...

    111: cannot use port and neither tcp or udp

...where 111 is the line number of the quoted rule. I didn't have this problem with FreeBSD -stable source as of Mar. 16 2002.

I don't want to log every blocked packet, as that would be unnecessary (for me), only (blocked) traffic on some ports. Is there any way to do logging based on port number/range? I am thinking of filing a PR.

Below are some ipf rules to give you an idea...
    block out from any to any
    block in from any to any

    pass in quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 300
    pass out quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 500

    block in on tun0 from any to any head 200
    #log body in on tun0 from any to any port < 1025 group 200
    #log body in on tun0 from any to any port = 8000 group 200
    #log body in on tun0 from any to any port = 8080 group 200

    block out on tun0 from any to any head 400
    pass out quick on tun0 proto tcp from any to any keep state keep frags group 400
    pass out quick on tun0 proto udp from any to any keep state group 400

- parv
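The error the poster hits comes from the ipf rule parser: a rule that matches on a port has to name a protocol that actually has ports, so it needs `proto tcp`, `proto udp`, or the combined `proto tcp/udp`. The fragment below is an added example, not the poster's ruleset, showing the same three log rules rewritten with an explicit protocol so they can sit in group 200 and log only the port ranges of interest while the plain `block in ... head 200` still drops everything else. The interface name (tun0), group number and port values are carried over from the post; `/etc/ipf.rules` as the file name is an assumption.

```conf
# Added example (not the original poster's rules).
# Group head: everything inbound on tun0 is blocked; the group rules
# below only add logging for the traffic we care about.
block in on tun0 from any to any head 200

# Port matches require a protocol with ports. "proto tcp/udp" matches
# both, so a single rule covers the privileged-port range for both.
log body in on tun0 proto tcp/udp from any to any port < 1025 group 200

# Single ports can be logged per protocol as well.
log body in on tun0 proto tcp from any to any port = 8000 group 200
log body in on tun0 proto tcp from any to any port = 8080 group 200

# A port range is also accepted, e.g. both proxy ports in one rule:
# log body in on tun0 proto tcp from any to any port 8000 >< 8081 group 200

# Syntax-check the file without loading it into the kernel
# (assumes the rules live in /etc/ipf.rules):
#   ipf -n -f /etc/ipf.rules
```

Note that `log` by itself logs the packet and continues rule evaluation, so these rules change what ipmon records, not what is blocked; the blocking decision still comes from the group head. Logging `body` captures packet payload, so keep the matched set narrow if the log lands somewhere other users can read.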