From owner-freebsd-questions  Wed May 13 20:09:50 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA19768
          for freebsd-questions-outgoing; Wed, 13 May 1998 20:09:50 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from chipweb.ml.org (c1003518-a.plstn1.sfba.home.com [24.1.82.47])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA19748
          for <freebsd-questions@FreeBSD.ORG>; Wed, 13 May 1998 20:09:41 -0700 (PDT)
          (envelope-from ludwigp@bigfoot.com)
Received: (qmail 10653 invoked by uid 666); 14 May 1998 03:09:42 -0000
Received: from unknown (HELO speedy.chipweb.ml.org) (172.16.1.1)
  by 172.16.1.5 with SMTP; 14 May 1998 03:09:42 -0000
Message-Id: <3.0.3.32.19980513200849.006b2188@mail.plstn1.sfba.home.com>
X-Sender: ludwigp@mail.plstn1.sfba.home.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Wed, 13 May 1998 20:08:49 -0700
To: Charlie Root <root@ftp1.mfn.org>, freebsd-questions@FreeBSD.ORG
From: Ludwig Pummer <ludwigp@bigfoot.com>
Subject: Re: IPFW
In-Reply-To: <199805140217.VAA01596@ftp1.mfn.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 09:17 PM 5/13/98 -0500, Charlie Root wrote:
>Is this a legal construct?
>
>ipfw add allow all tcp from 10.0.0.0:255.0.0.0 to any tcp 23
                 ^---^-- either/or but not both         ^
                           not sure about this one -----+

ipfw add allow tcp from 10.0.0.0:255.0.0.0 to any 23

>the idea being to allow any tcp based packets from my (obviously ficticious)
>net to any other, provided that these packets have a destination port of 23?
>(outbound telnet - and yes, I realize there is a LOT more to it, I'm just
>not familiar with IPFW syntax, and wanted to check it before I go ahead)...

look at /etc/rc.firewall's different ipfw commands and you can get a pretty
good idea of how it goes. One thing it _does_ neglect are rule numbers,
which make the line be "...add 5000 allow..." so that you can organize
restrictions better.

--Ludwig Pummer
ludwigp@bigfoot.com ludwigp@chipweb.ml.org
ICQ UIN: 692441   http://chipweb.home.ml.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message