From: Rudolf Polzer
Newsgroups: mpc.lists.freebsd.security,muc.lists.freebsd.security
Followup-To: muc.lists.freebsd.security
Date: 19 Jan 2005 18:36:50 GMT
References: <6BBE5C5603D0D611A06F0002A5D6556405FAA185@nyschx22psge.sch.ge.com> <20050119180131.GL19851@techometer.net>
Subject: Re: ipf question

["Followup-To:" header set to muc.lists.freebsd.security.]
»Erick Mechler« wrote:
> :: pass in quick on xl0 proto tcp/udp from any to any port 137 <> 139 keep
> :: state
>
> This line allows in all tcp and udp ports less than 137 and greater than
> 139, which is exactly what you don't want :) If you want to allow all
> ports 137-139 inclusive, you need to change it to
>
>    ... port 136 >< 140 keep state
>
> The < and > operators are not inclusive.

I know it has been defined like that. But why? Why wasn't an inclusive ..
operator used? There must be a reason for this, but which one is it?
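
The two range operators discussed in this thread, worked through as a small rule checker. This is an added example, not part of the original message or of IPFilter itself; the function names are hypothetical, and the operator semantics are the ones stated in the quoted reply (both bounds excluded).

```python
import re

# Matches the "port A <> B" / "port A >< B" range forms quoted in the thread.
PORT_RANGE = re.compile(r"\bport\s+(\d+)\s*(<>|><)\s*(\d+)")

def matched_ports(lo, op, hi):
    """Ports selected by an ipf range comparison; both bounds are excluded."""
    if op == "><":                      # strictly between lo and hi
        return set(range(lo + 1, hi))
    if op == "<>":                      # strictly outside lo..hi
        return set(range(0, lo)) | set(range(hi + 1, 65536))
    raise ValueError(f"unsupported operator: {op}")

def audit_rule(rule, intended):
    """Compare what a rule's port range matches against the intended ports."""
    m = PORT_RANGE.search(rule)
    if m is None:
        return None                     # no range comparison in this rule
    lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
    actual = matched_ports(lo, op, hi)
    return {
        "matched_count": len(actual),
        "missing": sorted(intended - actual),   # intended but not matched
        "extra_count": len(actual - intended),  # matched but never intended
        "ok": actual == intended,
    }

# The intent in the thread was NetBIOS ports 137-139.
INTENDED = {137, 138, 139}
# Rule as quoted in the thread.
ORIGINAL = ("pass in quick on xl0 proto tcp/udp from any to any "
            "port 137 <> 139 keep state")
# Constructed by substituting the suggested "port 136 >< 140" into that rule.
CORRECTED = ("pass in quick on xl0 proto tcp/udp from any to any "
             "port 136 >< 140 keep state")

if __name__ == "__main__":
    for label, rule in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, audit_rule(rule, INTENDED))
```

Run against a ruleset before loading it, a check like this makes the inverted operator visible: the original rule passes 65533 ports and none of the three that were intended.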