Date: Wed, 5 Feb 2020 22:30:24 +0100
From: Kristof Provost
To: Andreas X
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw for udp on FreeBSD 12.1?
Message-ID: <20200205213024.GA9143@vega.codepro.be>

On 2020-02-06 00:21:10 (+0300), Andreas X wrote:
> Hello.
>
> I use ipfw with options such as: firewall_type="workstation" and
> firewall_myservices="21 22 80 443" for my server via rc.conf file.
>
> I need to add a UDP port range to allow, for vsftpd (PASV).
> However ipfw
> doesn't have any settings as I heard and "firewall_myservices" only supports
> TCP ports. Any idea how to manage that issue?
>
> The internet has a lot of tutorials for adding "firewall_myservices_tcp"
> "firewall_myservices_udp" support, none of them worked for 12.1.
>
> And, anyone got any idea why FreeBSD 10 supports such tags for IPFW, but
> 12.1 not?
>
> https://svnweb.freebsd.org/base/head/etc/rc.firewall?view=markup&pathrev=273201

I'd expect firewall_myservices="53/udp" to open UDP port 53.
As per that commit message you should update your existing services to be
21/tcp and such.

Regards,
Kristof
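
The following is an added example, not part of the original message and not code from rc.firewall: a small sh helper that rewrites a firewall_myservices value so every entry names its protocol explicitly, as the reply recommends. It assumes bare entries were meant as TCP and accepts numeric ports only; the function name normalize_myservices is hypothetical.

```shell
#!/bin/sh
# Added example (not rc.firewall code): rewrite a firewall_myservices value
# so that every entry has the port/proto form, e.g. "21" becomes "21/tcp".
# Assumption: a bare entry was meant as TCP. Only numeric ports are accepted.

normalize_myservices() {
    out=""
    for entry in $1; do
        # Split "port/proto"; a bare entry defaults to tcp (assumption).
        case "$entry" in
            */*) port=${entry%/*}; proto=${entry##*/} ;;
            *)   port=$entry; proto=tcp ;;
        esac
        proto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol in '$entry'" >&2; return 1 ;;
        esac
        # Reject empty, non-numeric or over-long port strings before comparing.
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "invalid port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
        out="${out:+$out }$port/$proto"
    done
    printf '%s\n' "$out"
}

# Constructed input: the TCP list from the question plus the UDP entry
# from the reply. The result is the value to put in rc.conf.
normalize_myservices "21 22 80 443 53/udp"
```

A non-zero exit status means an entry was malformed and the value should be fixed before it goes into rc.conf.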