Date: Tue, 7 May 2002 16:48:44 -0400
From: parv <parv@pair.com>
To: f-q <freebsd-questions@freebsd.org>
Subject: ipf - "log" problem when port is specified (after mar. 16 2002 source)
Message-ID: <20020507204844.GA43365@moo.holy.cow>
after upgrading to freebsd -stable (may 2 2002) & ipf source dating apr. 27
2002, w/ the following ipf rule...

  log body in on tun0 from any to any port < 1025 group 200

...i get the error message...

  111: cannot use port and neither tcp or udp

...where 111 is the line number of the quoted rule. i didn't have this
problem w/ freebsd -stable source as of mar. 16 2002.

i don't want to log every blocked packet as that would be unnecessary (for
me), only (blocked) traffic on some ports. is there any way to do logging
based on port number/range? i am thinking of filing a pr.

below are some ipf rules to give you an idea...

  block out from any to any
  block in from any to any

  pass in quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 300
  pass out quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 500

  block in on tun0 from any to any head 200
  #log body in on tun0 from any to any port < 1025 group 200
  #log body in on tun0 from any to any port = 8000 group 200
  #log body in on tun0 from any to any port = 8080 group 200

  block out on tun0 from any to any head 400
  pass out quick on tun0 proto tcp from any to any keep state keep frags group 400
  pass out quick on tun0 proto udp from any to any keep state group 400

- parv
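Added example, not from the post or from ipf itself: a small Python checker that applies the constraint behind the quoted error (a rule that names a port must also name proto tcp, udp or tcp/udp) to the ruleset above, and shows the `proto tcp/udp` form ipf accepts for such rules. The sample ruleset is constructed from the post with the commented-out log rules re-enabled, and one of them already carries `proto tcp/udp` so the two cases can be compared.

```python
"""Constructed checker mirroring ipf's "cannot use port and neither tcp or udp"
complaint. It is an illustration, not ipf's own parser."""
import re

# Constructed sample: the poster's rules, with the three log rules
# re-enabled and the third one given the proto clause ipf wants.
RULES = """\
block out from any to any
block in from any to any
pass in quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 300
pass out quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 500
block in on tun0 from any to any head 200
log body in on tun0 from any to any port < 1025 group 200
log body in on tun0 from any to any port = 8000 group 200
log body in on tun0 proto tcp/udp from any to any port = 8080 group 200
block out on tun0 from any to any head 400
pass out quick on tun0 proto tcp from any to any keep state keep frags group 400
pass out quick on tun0 proto udp from any to any keep state group 400
"""

PORT_RE = re.compile(r"\bport\b")
PROTO_RE = re.compile(r"\bproto\s+(\S+)")
PORT_PROTOS = {"tcp", "udp", "tcp/udp"}  # the protocols a port clause may go with


def check_rules(text):
    """Return (line_no, rule, fixed_rule) for each rule that uses a port
    clause without proto tcp, udp or tcp/udp. fixed_rule is the same rule
    with 'proto tcp/udp' added (or substituted for an unsuitable proto)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()      # ignore comments/blank lines
        if not rule or not PORT_RE.search(rule):
            continue                               # no port clause: nothing to check
        m = PROTO_RE.search(rule)
        if m and m.group(1) in PORT_PROTOS:
            continue                               # port with tcp/udp: fine
        if m:                                      # port with e.g. proto icmp
            fixed = rule[:m.start(1)] + "tcp/udp" + rule[m.end(1):]
        else:                                      # no proto at all
            fixed = re.sub(r"\bfrom\b", "proto tcp/udp from", rule, count=1)
        findings.append((n, rule, fixed))
    return findings


if __name__ == "__main__":
    for n, rule, fixed in check_rules(RULES):
        print(f"{n}: cannot use port and neither tcp or udp\n   {rule}\n-> {fixed}")
```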