From: Kulamani Sethi
Date: Mon, 17 Jul 2017 10:34:10 +0530
Subject: Re: Unable to set rule using service name
To: Ian Smith
Cc: freebsd-questions@freebsd.org, freebsd-ipfw@freebsd.org
In-Reply-To: <20170715024608.T92704@sola.nimnet.asn.au>

Hi Ian,

Thanks for your response!

Yes, they are placeholders. Here is an exact real example of the service URLs. However, it is an intranet service, so you may not be able to access it.

service URL1: https://vwddgdptv001.corp.intranet/RISC_1/GDPLogin.aspx
service URL2: https://vwddgdptv001.corp.intranet/GDPT_1/GDPLogin.aspx

Note: RISC_1 and GDPT_1 are two different services running on a common server. I want to set a deny rule for RISC_1 only.

*With best Regards,*
Kulamani Sethi,
Bangalore, India
Mob: 9686190111

On Fri, Jul 14, 2017 at 10:31 PM, Ian Smith wrote:

> On Fri, 14 Jul 2017 16:43:56 +0530, Kulamani Sethi wrote:
> > Hi,
> > I want to set a rule for a particular service URL which is running on a
> > remote server.
> > I know the IP but don't know the port number where that service is
> > running.
> > If I set a rule for the IP then it will be applied to all services
> > running over there.
> >
> > There is an option in an IPFW rule where we can set either a port number
> > or a name, but it is not accepting a name. Here is an example for my case.
> >
> > suppose URL for test1 service http://x.x.x.x/test1
> >         URL for test2 service http://x.x.x.x/test2
> >
> > I tried a rule, "ipfw add 104 deny log ip from x.x.x.x test1 to any".
> > Got error "ipfw: missing "to'' ".
> > *I want to set a rule for test1 where I have no idea about the port.*
> > *Also, please help me find out the port number, if there is any way.*
>
> RW well described (in freebsd-questions@) the relationship between port
> numbers and service names in /etc/services; assuming you know the name,
> that gives you the number. Are 'test1' and 'test2' real examples, or
> placeholders for real service names?
>
> In any case, you cannot specify a port number in a rule with proto 'ip';
> when specifying port/s you need to specify 'udp' or 'tcp' protocol.
>
> Can you give an example of the actual packets (protocol, port number/s)
> that you want to block?
>
> cheers, Ian
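
Added example (not part of either message, and not code from the ipfw project): a sh script illustrating the two points in Ian's reply, that a service name maps to a port number through an /etc/services-style table and that a port is only accepted with proto tcp or udp. The functions lookup_port and build_deny_rule, the address 192.0.2.10 and the embedded services table are constructed for illustration; the script only prints the rule and never runs ipfw.

```shell
#!/bin/sh
# Constructed sample in /etc/services layout: name port/proto [aliases]
SERVICES_SAMPLE='http   80/tcp   www   # constructed entry
https  443/tcp
https  443/udp
domain 53/udp
'

# lookup_port NAME PROTO: print the port registered for NAME (or an alias)
# under PROTO; return 1 when NAME is not a known service name.
lookup_port() {
    printf '%s' "$SERVICES_SAMPLE" | awk -v name="$1" -v proto="$2" '
        { sub(/#.*/, "") }               # drop trailing comments
        NF < 2 { next }
        {
            split($2, pp, "/")
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue     # field 2 is port/proto, not a name
                if ($i == name) { print pp[1]; found = 1; exit }
            }
        }
        END { exit !found }'
}

# build_deny_rule NUM PROTO SRC SERVICE: print an ipfw command of the same
# shape as the rule in the thread. Ports need tcp or udp, so proto "ip"
# (the failing rule) is refused before any lookup.
build_deny_rule() {
    num=$1 proto=$2 src=$3 svc=$4
    case $proto in
        tcp|udp) ;;
        *) echo "proto '$proto' cannot take a port; use tcp or udp" >&2
           return 2 ;;
    esac
    case $svc in
        ''|*[!0-9]*)                     # not purely numeric: treat as a name
            port=$(lookup_port "$svc" "$proto") || {
                echo "'$svc' is not a service name for $proto" >&2
                return 1
            } ;;
        *) port=$svc ;;
    esac
    echo "ipfw add $num deny log $proto from $src $port to any"
}

# Demo: a well-formed rule 104, then the two inputs from the thread that fail.
build_deny_rule 104 tcp 192.0.2.10 https
build_deny_rule 104 ip  192.0.2.10 https || true
build_deny_rule 104 tcp 192.0.2.10 test1 || true
```

Both URLs given in the message are https on the same host with no explicit port, so they resolve to the same tcp port and a port-based rule does not tell RISC_1 and GDPT_1 apart.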