From: Oliver Fromme
To: freebsd-ipfw@FreeBSD.ORG
Date: Sat, 20 Sep 2003 20:42:21 +0200 (CEST)
Subject: Re: ssh/scp filtering, iplen problem
Message-Id: <200309201842.h8KIgLNs069297@lurza.secnetix.de>
In-Reply-To: <20030920162019.GA30356@shellma.zin.lublin.pl>
List-Id: IPFW Technical Discussions

Pawel Malachowski wrote:
> On Sat, Sep 20, 2003 at 05:10:24PM +0200, Oliver Fromme wrote:
> > According to ipfw(8), there is an "iplen" option for
> > filtering -- but it filters on an exact size. What I
> > need is a way to specify a rule that matches on, say,
> > packets on port 22 that are larger than 1000 bytes.
> > Is that possible with IPFW2?
>
> Yes, thanks to Luigi it is possible to use iplen ranges.
Thanks, now I found it in 4-stable in the CVS repo. Unfortunately I'm running 4.8-Release, which doesn't have that feature. Well, 4.9 isn't too far in the future, so I will just wait a little bit. :-)

Thanks for the hint, Pawel!

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Unix gives you just enough rope to hang yourself -- and then a couple
of more feet, just to be sure." -- Eric Allman
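The difference the thread turns on, exact-size `iplen` (4.8-RELEASE) versus the `len-list` ranges IPFW2 accepts in 4-stable, modelled on constructed packets. This is an added example, not code from the list or from FreeBSD; the rule form it models is `ipfw add <action> tcp from any to any 22 iplen <spec>`, and the packet sizes are made up.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str   # "tcp" / "udp"
    dport: int   # destination port
    iplen: int   # total IP length incl. header, what ipfw's iplen compares

def parse_len_list(spec: str) -> list[tuple[int, int]]:
    """Parse an ipfw-style len-list: '1000', '1000-65535', '40,60-100'.
    A bare number is an exact match (what 4.8's iplen offered); 'lo-hi' is
    a closed range; commas join several entries."""
    ranges = []
    for item in spec.split(","):
        lo, sep, hi = item.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if sep else lo_i
        if not (0 <= lo_i <= hi_i <= 65535):
            raise ValueError(f"bad iplen entry: {item!r}")
        ranges.append((lo_i, hi_i))
    return ranges

def iplen_matches(spec: str, length: int) -> bool:
    return any(lo <= length <= hi for lo, hi in parse_len_list(spec))

def rule_matches(proto: str, dport: int, iplen_spec: str, pkt: Packet) -> bool:
    """Model of 'tcp from any to any <dport> iplen <iplen_spec>'."""
    return (pkt.proto == proto and pkt.dport == dport
            and iplen_matches(iplen_spec, pkt.iplen))

# Constructed traffic: an interactive ssh keystroke, a full-size scp segment
# on port 22, and an unrelated full-size segment on port 80.
SAMPLE = [Packet("tcp", 22, 92), Packet("tcp", 22, 1500), Packet("tcp", 80, 1500)]

def count_hits(iplen_spec: str) -> int:
    """How many SAMPLE packets a port-22 rule with this iplen spec would match."""
    return sum(rule_matches("tcp", 22, iplen_spec, p) for p in SAMPLE)

if __name__ == "__main__":
    print("exact  iplen 1000       :", count_hits("1000"))        # 0
    print("range  iplen 1000-65535 :", count_hits("1000-65535"))  # 1
```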