Date: Sat, 20 Sep 2003 12:14:32 -0700
From: Luigi Rizzo
To: freebsd-ipfw@freebsd.org
Subject: Re: ssh/scp filtering, iplen problem
Message-ID: <20030920121432.A66539@xorpc.icir.org>

On Sat, Sep 20, 2003 at 08:42:21PM +0200, Oliver Fromme wrote:
> Pawel Malachowski wrote:
> > On Sat, Sep 20, 2003 at 05:10:24PM +0200, Oliver Fromme wrote:
> > > According to ipfw(8), there is an "iplen" option for
> > > filtering -- but it filters on an exact size.  What I
> > > need is a way to specify a rule that matches on, say,
> > > packets on port 22 that are larger than 1000 bytes.
> > > Is that possible with IPFW2?
> >
> > Yes, thanks to Luigi it is possible to use iplen ranges.
>
> Thanks, now I found it in 4-stable in the CVS repo.
> Unfortunately I'm running 4.8-Release, which doesn't

the changes only involve
    sys/netinet/ip_fw2.[ch]
    sbin/ipfw/ipfw2.c
are completely backward compatible.

    cheers
    luigi

> have that feature.  Well, 4.9 isn't too far in the
> future, so I will just wait a little bit.  :-)
>
> Thanks for the hint, Pawel!
>
> Regards
>    Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "Unix gives you just enough rope to hang yourself --
> and then a couple of more feet, just to be sure."
>         -- Eric Allman
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"