Date: Sat, 20 Sep 2003 12:14:32 -0700 From: Luigi Rizzo <rizzo@icir.org> To: freebsd-ipfw@freebsd.org Subject: Re: ssh/scp filtering, iplen problem Message-ID: <20030920121432.A66539@xorpc.icir.org> In-Reply-To: <200309201842.h8KIgLNs069297@lurza.secnetix.de>; from olli@lurza.secnetix.de on Sat, Sep 20, 2003 at 08:42:21PM %2B0200 References: <20030920162019.GA30356@shellma.zin.lublin.pl> <200309201842.h8KIgLNs069297@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 20, 2003 at 08:42:21PM +0200, Oliver Fromme wrote: > Pawel Malachowski <pawmal-posting@freebsd.lublin.pl> wrote: > > On Sat, Sep 20, 2003 at 05:10:24PM +0200, Oliver Fromme wrote: > > > According to ipfw(8), there is an "iplen" option for > > > filtering -- but it filters on an exact size. What I > > > need is a way to specify a rule that matches on, say, > > > packets on port 22 that are larger than 1000 bytes. > > > Is that possible with IPFW2? > > > > Yes, thanks to Luigi it is possible to use iplen ranges. > > Thanks, now I found it in 4-stable in the CVS repo. > Unfortunately I'm running 4.8-Release, which doesn't the changes only involve sys/netinet/ip_fw2.[ch] sbin/ipfw/ipfw2.c are completely backward compatible. cheers luigi > have that feature. Well, 4.9 isn't too far in the > future, so I will just wait a little bit. :-) > > Thanks for the hint, Pawel! > > Regards > Oliver > > -- > Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München > Any opinions expressed in this message may be personal to the author > and may not necessarily reflect the opinions of secnetix in any way. > > "Unix gives you just enough rope to hang yourself -- > and then a couple of more feet, just to be sure." > -- Eric Allman > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030920121432.A66539>