Date:      Thu, 3 Apr 2003 23:28:06 -0800
From:      Luigi Rizzo <rizzo@icir.org>
To:        Sereciya Kurdistani <sereciya@kurdistan.ath.cx>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Sereciya :: Some thoughts on IPFW(2)
Message-ID:  <20030403232806.A58813@xorpc.icir.org>
In-Reply-To: <20030404033455.GA31867@kurdistan.ath.cx>; from sereciya@kurdistan.ath.cx on Thu, Apr 03, 2003 at 07:34:55PM -0800
References:  <20030404033455.GA31867@kurdistan.ath.cx>

hi,

>   Unlike the documentation in the manpage*, the following syntax -- defined 
>   block/portnumber list/block -- is not correct:
> 
>   ipfw add NNNN allow tcp from some_ip to another_ip \{ port_num1, portnum2 \}

i do not believe this form is in the manpage, you certainly need
an "or" operator in a brace-enclosed block.

>   Something that would be extremely useful would be support for an implied "and" clause...

there has always been an implicit AND between all components of
ipfw rules, either single match operations ("from xxx")
or or-blocks ("{ iplen 30 or src-port 100-200 }")

	cheers
	luigi
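
Added example (not part of the original message, and not ipfw's own code): a simplified Python model of the matching logic described above, where all rule components are joined by an implicit AND and an or-block matches when any one of its alternatives does. The rule, the packets, and the field names are constructed for illustration.

```python
# Simplified model of ipfw rule matching (an assumption-level sketch, not
# ipfw's implementation). A rule body is a list of components joined by an
# implicit AND. A component is either a single match, written (field, spec),
# or an or-block, modelled here as a list of such matches.

def match_one(packet, field, spec):
    """Match one packet field against a value or an inclusive 'lo-hi' range."""
    value = packet.get(field)
    if value is None:
        return False
    if isinstance(value, int) and isinstance(spec, str) and "-" in spec:
        lo, hi = (int(x) for x in spec.split("-", 1))
        return lo <= value <= hi
    return value == spec

def rule_matches(packet, components):
    """True only if every component matches (the implicit AND)."""
    for comp in components:
        if isinstance(comp, list):
            # or-block: one matching alternative is enough
            if not any(match_one(packet, f, s) for f, s in comp):
                return False
        else:
            field, spec = comp
            if not match_one(packet, field, spec):
                return False
    return True

# Constructed rule: "from 10.0.0.1" AND "{ iplen 30 or src-port 100-200 }"
RULE = [("src", "10.0.0.1"), [("iplen", 30), ("src-port", "100-200")]]

# Constructed sample packets (hypothetical field names and values).
PACKETS = {
    "short_packet":  {"src": "10.0.0.1", "iplen": 30, "src-port": 5000},
    "port_in_range": {"src": "10.0.0.1", "iplen": 60, "src-port": 150},
    "neither":       {"src": "10.0.0.1", "iplen": 60, "src-port": 5000},
    "wrong_source":  {"src": "10.0.0.9", "iplen": 30, "src-port": 150},
}

def evaluate():
    """Return {packet name: does RULE match it?} for the sample packets."""
    return {name: rule_matches(pkt, RULE) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:14} {'match' if hit else 'no match'}")
```

The "wrong_source" packet satisfies both alternatives of the or-block but still fails the rule, because the "from" component is ANDed with the block.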


