Date: Wed, 8 May 2002 16:22:43 -0400
From: parv
To: Fernando Gleiser
Cc: f-q
Subject: Re: converting from ipf to ipfw
Message-ID: <20020508202242.GA54944@moo.holy.cow>

in message <20020508163730.C35226-100000@localhost>,
wrote Fernando Gleiser thusly...
>
> On Wed, 8 May 2002, parv wrote:
>
> > i have been using ipfilter for a long time. recent change in ipf
> > source has disallowed use of "port" w/ "log" as an action. for
...
> > now, i am thinking of switching to ipfw.
>
> Are you saying that because of that you are going to switch firewalls?

yes...

> Changing the firewalls is not a trivial decision, and I would find
> if there is a solution in my current firewall before I switch.

...it is trivial here -- besides non-trivial learning of new
filtering language -- as firewall is used for a single machine
connected to internet via dial up modem.

> Did you try sending mail to the ipf list and asking if that is a bug or
> a feature?

that never had entered my mind...

> Besides, your problem is easily fixed: just change
>
> log body in on tun0 from any to any port < 1025 group 200
>
> to:
>
> log body in on tun0 proto tcp from any to any port < 1025 group 200
> log body in on tun0 proto udp from any to any port < 1025 group 200

yes, that solved my problem. thank you fernando.

btw, same suggestion was also made by ivailo tanusheff but i hadn't
tried it before starting this thread. so, i should also thank ivailo
retroactively.

> in ipf 'port' required either 'proto tcp' or 'proto udp' for as
> long as I remember, at least with 'pass', 'block' or 'count'

it seems "log" action has been changed recently to behave the same
way.

ok, my problem has been resolved & i am in no hurry to switch to
ipfw anymore, but query still remains: any specific pointers, for
future, if somebody is converting to ipfw from ipf?

 - parv
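
A small checker for the fix discussed in this message, as an added example that is not part of the original e-mail: it scans ipf.conf lines for `port` used without `proto tcp` or `proto udp` and splits each such rule into a tcp/udp pair, as Fernando suggests. The function names and the sample rules (other than the rule quoted from the thread) are constructed here; accepting `proto tcp/udp` follows ipf(5), not the thread.

```python
# Protocols that carry port numbers; "tcp/udp" is the ipf(5) shorthand for both.
PORT_PROTOS = {"tcp", "udp", "tcp/udp"}

def fix_rule(line):
    """Return (rules, problem) for one ipf.conf line.

    rules   -- the line(s) to write out: the original, or a tcp/udp pair
    problem -- None, or a short description of what was wrong
    """
    body, sep, comment = line.partition("#")
    tokens = body.split()
    if "port" not in tokens:
        return [line], None              # comments, blanks, port-less rules
    if "proto" in tokens:
        idx = tokens.index("proto")
        proto = tokens[idx + 1] if idx + 1 < len(tokens) else ""
        if proto in PORT_PROTOS:
            return [line], None          # already valid
        return [line], "port used with proto %r" % proto
    if "from" not in tokens:
        return [line], "port without from/to"
    # Insert "proto tcp" / "proto udp" just before "from", as in the thread.
    at = tokens.index("from")
    suffix = " #" + comment if sep else ""
    rules = [" ".join(tokens[:at] + ["proto", p] + tokens[at:]) + suffix
             for p in ("tcp", "udp")]
    return rules, "port without proto; split into tcp and udp rules"

def lint(text):
    """Check every line of an ipf.conf; return (fixed_text, [(lineno, problem)])."""
    out, report = [], []
    for n, line in enumerate(text.splitlines(), 1):
        rules, problem = fix_rule(line)
        out.extend(rules)
        if problem:
            report.append((n, problem))
    return "\n".join(out), report

# Constructed sample: line 2 is the rule from the thread, lines 3-4 are made up.
SAMPLE = """\
# constructed sample ruleset
log body in on tun0 from any to any port < 1025 group 200
block in on tun0 proto icmp from any to any port = 80
pass out on tun0 proto tcp from any to any port = 25 keep state
"""

if __name__ == "__main__":
    fixed, report = lint(SAMPLE)
    print(fixed)
    for lineno, problem in report:
        print("line %d: %s" % (lineno, problem))
```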