Date: Mon, 16 Feb 1998 11:12:37 +0000
From: Karl Pielorz <kpielorz@tdx.co.uk>
To: isp@FreeBSD.ORG
Subject: ipfw - specifying ports >1023 & general config
Message-ID: <34E81F25.FE3A9638@tdx.co.uk>

Hi,

I'm using FreeBSD 2.2.2 / 2.2.5 releases at our site, and the 'ipfw' command to set up firewalls on individual machines to supplement our site's main firewalling router...

The question is, at the moment I use commands like:

    ipfw add allow tcp from any 1023-65534 to my.ip.add.ress 25
    ipfw add allow tcp from my.ip.add.ress 25 to any 1023-65534 established

Is there any 'cleaner' way of specifying the 'safe' ports range, i.e. ports between 1023 through to 65535? I've seen someone post something about using '>1023', but I couldn't get this to work (even after escaping it to stop the shell from redirecting its output to a file called 1023 ;-)

At the moment it's not too bad, as the firewall is set up by a script that uses shell variables, e.g. "1023-65534" becomes $SAFE, thus:

    $FW add allow tcp from any $SAFE to $MY_IP $SMTP
    $FW add allow tcp from $MY_IP $SMTP to any $SAFE established

Which makes it a lot more readable...

Any comments? - any suggestions on how I can stop the unavoidable 'human error' factor of being able to do something like:

    $FWi add allow tcp from any $FAFE to $MY_IP $SNTP

(where the shell won't complain about not being able to find $FWi or $FAFE etc. - and it's easy to miss the error in the firewall output as it spins past).

I've seen some 'firewall' languages and stuff put about - but I didn't really want anything _that_ complex, just something that would catch typos...

Thanks for any info,

Regards,

Karl Pielorz
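
Added example, not part of the original message: one way to catch misspelled variables such as $FWi, $FAFE and $SNTP is to expand the whole rule set under the shell's `set -u` option and only pass it on if every variable resolved. The function names, the LOADER knob, the address 192.0.2.10 and the dry-run value of FW are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original message. Dry run: rules are printed,
# not installed. MY_IP is a constructed documentation address.
FW="echo ipfw"
SAFE="1023-65534"
MY_IP="192.0.2.10"
SMTP="25"

# Each rule set is a function whose body is a subshell running with
# 'set -u', so expanding an unset (misspelled) variable aborts the subshell.
ruleset_ok() (
    set -u
    $FW add allow tcp from any $SAFE to $MY_IP $SMTP
    $FW add allow tcp from $MY_IP $SMTP to any $SAFE established
)

# One good rule followed by the mistyped line quoted in the message.
ruleset_typo() (
    set -u
    $FW add allow tcp from $MY_IP $SMTP to any $SAFE established
    $FWi add allow tcp from any $FAFE to $MY_IP $SNTP
)

# Expand the whole rule set first and pass it on only if every variable
# resolved. LOADER is a hypothetical knob: 'cat' prints the commands,
# 'sh' would execute them.
apply_ruleset() {
    if rules=$("$1"); then
        printf '%s\n' "$rules" | ${LOADER:-cat}
    else
        echo "$1: aborted on an unset variable, no rules passed on" >&2
        return 1
    fi
}

apply_ruleset ruleset_ok
apply_ruleset ruleset_typo || echo "typo caught before anything was loaded"
```

Because the rules are generated before they are loaded, a typo on the last line stops the earlier, correct lines from being installed as a partial rule set.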