From owner-freebsd-questions Thu Oct 4 4:34:27 2001
Date: Thu, 4 Oct 2001 07:18:35 -0400
From: Louis LeBlanc <leblanc@acadia.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org
Subject: ipfw question - hostname/address spec?
Message-ID: <20011004071834.A2458@acadia.ne.mediaone.net>
Reply-To: freebsd-questions@FreeBSD.org
User-Agent: Mutt/1.3.22.1i
X-bright-idea: Let's abolish HTML mail!

Hey all. I have a question about ipfw. I am under the impression that it is
ok to use a DNS name for src or dest, as in the following excerpt from my
rc.firewall. IPADDR gets defined correctly, and NEWS_SERVER is defined as
news.ne.mediaone.net:

    ipfw add allow tcp from $IPADDR $UNPRIVPORTS to $NEWS_SERVER 119 \
        via $EXT_INTERFACE out
    ipfw add allow tcp from $NEWS_SERVER 119 to $IPADDR $UNPRIVPORTS \
        via $EXT_INTERFACE in established

but I get the following when testing the script:

    ipfw: error: hostname ``news.ne.mediaone.net'' unknown
    usage: ipfw [options]
        [pipe] flush
        add [number] rule
        [pipe] delete number ...
        [pipe] list [number ...]
        [pipe] show [number ...]
        zero [number ...]
        resetlog [number ...]
        pipe number config [pipeconfig]
      rule: [prob ] action proto src dst extras...
        action:
          {allow|permit|accept|pass|deny|drop|reject|unreach code|
           reset|count|skipto num|divert port|tee port|fwd ip|
           pipe num} [log [logamount count]]
        proto: {ip|tcp|udp|icmp|}
        src: from [not] {me|any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
        dst: to [not] {me|any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
      extras:
        uid {user id}
        gid {group id}
        fragment     (may not be used with ports or tcpflags)
        in
        out
        {xmit|recv|via} {iface|ip|any}
        {established|setup}
        tcpflags [!]{syn|fin|rst|ack|psh|urg},...
        ipoptions [!]{ssrr|lsrr|rr|ts},...
        tcpoptions [!]{mss|window|sack|ts|cc},...
        icmptypes {type[,type]}...
      pipeconfig:
        {bw|bandwidth} {bit/s|Kbit/s|Mbit/s|Bytes/s|KBytes/s|MBytes/s}
        {bw|bandwidth} interface_name
        delay
        queue {packets|Bytes|KBytes}
        plr
        mask {all| [dst-ip|src-ip|dst-port|src-port|proto] }
        buckets
        {red|gred} ///
        droptail

A similar error dump is generated for each rule using a hostname. I have
opened the DNS ports by IP prior to using any hostnames.

Quoting from the handbook at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

    . . .
    The syntax used to specify an address/mask is:

        address
    or
        address/mask-bits
    or
        address:mask-pattern

    A valid hostname may be specified in place of the IP address.
    . . .

So this last says a hostname is ok. Anyone have any ideas? I'm still
confused.

Thanks for any help.
Lou

-- 
Louis LeBlanc               leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

Juall's Law on Nice Guys:
  Nice guys don't always finish last; sometimes they don't finish.
  Sometimes they don't even get a chance to start!
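The failure mode the post describes, as an added example that is not part of the original message or of FreeBSD's rc.firewall: ipfw(8) resolves a hostname once, at the moment the rule is inserted, and stores the resulting address, so a name that does not resolve at that instant (a resolver that is not yet reachable when rc.firewall runs at boot, or a firewall that blocks DNS until later rules load) aborts the rule with exactly the "hostname ... unknown" error shown above. The script below makes that dependency explicit: it resolves the peer name itself, validates the answer as a dotted quad, and refuses to load the news rules at all if resolution fails, rather than leaving a half-loaded rule set. The variable values (IPADDR, UNPRIVPORTS, EXT_INTERFACE) and the lookup tools used (getent(1), falling back to host(1)) are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example, not code from the original post or from rc.firewall.
# Resolve the news server's name to an address before the rule reaches
# ipfw, and fail closed if the name cannot be resolved.

# Assumed values; the poster defines these elsewhere in rc.firewall.
IPADDR=${IPADDR:-65.96.185.189}          # assumption: the host's own address
UNPRIVPORTS=${UNPRIVPORTS:-1024-65535}   # assumption: unprivileged port range
EXT_INTERFACE=${EXT_INTERFACE:-dc0}      # assumption: external interface name
NEWS_SERVER=${NEWS_SERVER:-news.ne.mediaone.net}

# is_ipv4 WORD: succeed only if WORD is a dotted quad with each octet 0..255.
# The case guard rejects non-digits, empty/leading/trailing/doubled dots;
# the read splits on '.' and a fifth field means too many octets.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|*..*|.*|*.) return 1 ;;
    esac
    echo "$1" | {
        IFS=. read -r a b c d e
        [ -n "$d" ] && [ -z "$e" ] &&
        [ "$a" -le 255 ] && [ "$b" -le 255 ] &&
        [ "$c" -le 255 ] && [ "$d" -le 255 ]
    }
}

# resolve_host NAME: print one IPv4 address for NAME, or nothing and a
# non-zero status on failure. A literal address is passed through so the
# same variable may hold either a name or an IP. Assumption: getent(1) or
# host(1) is available; only an answer that validates as IPv4 is accepted.
resolve_host() {
    name=$1
    if is_ipv4 "$name"; then
        echo "$name"
        return 0
    fi
    if command -v getent >/dev/null 2>&1; then
        addr=$(getent hosts "$name" 2>/dev/null |
               awk '$1 ~ /^[0-9.]+$/ { print $1; exit }')
    else
        addr=$(host -t A "$name" 2>/dev/null |
               awk '/has address/ { print $NF; exit }')
    fi
    is_ipv4 "$addr" || return 1
    echo "$addr"
}

# news_rules ADDR: emit the two rules from the post with ADDR in place of
# $NEWS_SERVER, one per line, without the leading "ipfw" so they can be
# inspected (dry run) before being loaded.
news_rules() {
    addr=$1
    printf 'add allow tcp from %s %s to %s 119 via %s out\n' \
        "$IPADDR" "$UNPRIVPORTS" "$addr" "$EXT_INTERFACE"
    printf 'add allow tcp from %s 119 to %s %s via %s in established\n' \
        "$addr" "$IPADDR" "$UNPRIVPORTS" "$EXT_INTERFACE"
}

# load_news_rules: resolve first, then load. If the name does not resolve,
# say so on stderr and return failure instead of handing ipfw a name it
# will reject with "hostname ... unknown".
load_news_rules() {
    addr=$(resolve_host "$NEWS_SERVER") || {
        echo "rc.firewall: cannot resolve $NEWS_SERVER; news rules not loaded" >&2
        return 1
    }
    news_rules "$addr" | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting of the rule is intended
        ipfw $rule
    done
}

# Only touch the live rule set when explicitly asked (run as root):
#   LOAD_RULES=yes sh news_rules.sh
# Otherwise print what would be loaded.
if [ "${LOAD_RULES:-no}" = yes ]; then
    load_news_rules
else
    addr=$(resolve_host "$NEWS_SERVER") && news_rules "$addr"
fi
```

Resolving in the script also makes the security trade-off visible: a rule built from a DNS name is only as trustworthy as the resolver answering at boot, so once the address is known it is worth pinning it as a literal in rc.firewall and using the lookup only to detect when the server has moved.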