Date: Sat, 20 Sep 2003 20:42:21 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-ipfw@FreeBSD.ORG Subject: Re: ssh/scp filtering, iplen problem Message-ID: <200309201842.h8KIgLNs069297@lurza.secnetix.de> In-Reply-To: <20030920162019.GA30356@shellma.zin.lublin.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Pawel Malachowski <pawmal-posting@freebsd.lublin.pl> wrote: > On Sat, Sep 20, 2003 at 05:10:24PM +0200, Oliver Fromme wrote: > > According to ipfw(8), there is an "iplen" option for > > filtering -- but it filters on an exact size. What I > > need is a way to specify a rule that matches on, say, > > packets on port 22 that are larger than 1000 bytes. > > Is that possible with IPFW2? > > Yes, thanks to Luigi it is possible to use iplen ranges. Thanks, now I found it in 4-stable in the CVS repo. Unfortunately I'm running 4.8-Release, which doesn't have that feature. Well, 4.9 isn't too far in the future, so I will just wait a little bit. :-) Thanks for the hint, Pawel! Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "Unix gives you just enough rope to hang yourself -- and then a couple of more feet, just to be sure." -- Eric Allman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309201842.h8KIgLNs069297>