Date: 19 Jan 2005 18:36:50 GMT From: Rudolf Polzer <divzero@gmail.com> To: muc-lists-freebsd-security@moderators.muc.de Subject: Re: ipf question Message-ID: <slrncuta62.tj6.divzero@message-id.durchnull.ath.cx> References: <6BBE5C5603D0D611A06F0002A5D6556405FAA185@nyschx22psge.sch.ge.com> <20050119180131.GL19851@techometer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
["Followup-To:" header set to muc.lists.freebsd.security.] »Erick Mechler« <emechler@techometer.net> wrote: > :: pass in quick on xl0 proto tcp/udp from any to any port 137 <> 139 keep > :: state > > This line allows in all tcp and udp ports less than 137 and greater than > 139, which is exactly what you don't want :) If you want to allow all > ports 137-139 inclusive, you need to change it to > > ... port 136 >< 140 keep state > > The < and > operators are not inclusive. I know it has been defined like that. But why? Why wasn't an inclusive .. operator used? There must be a reason for this, but which one is it?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrncuta62.tj6.divzero>