Date: Thu, 2 Mar 1995 12:32:05 +0100 (MET)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: hackers@FreeBSD.org
Subject: Playing with ipfw...
Message-ID: <199503021132.MAA10170@labinfo.iet.unipi.it>

I have been playing with ipfw lately. Here are a few bugs/questions.
I'd also give the fixes, but I have misconfigured the firewall and I
cannot access it at the moment :)

[BUG] ipfw in its current form does not accept setting the destination
port. Looking at the code, it actually accepts the port, but afterwards
expects a 'via' or similar field. The fix is quite easy: just check
whether the parameter string is empty after the port number.

[BUG] the program does not look for full keywords [from,to] when
parsing the string. Thus, if I say

    ipfw addf accept tcp from myhost telnet to somewhere

it mistakes "telnet" for "to", and then complains that it cannot
resolve "to" to a service name. Better to check for full words, even if
it takes more typing.

[COMMENT] Quite often, allowing a service requires a two-line
specification. As an example, I am using

    ipfw addf accept udp from 0/0 520 to 0/0
    ipfw addf accept udp from 0/0 to 0/0 520

to let routing information pass to hosts in the subnet. It would be
nice to have a way to specify "one of the port numbers must be XXX". Is
this supported by the system calls?

	Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522
====================================================================
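
As an added illustration (not part of the original message and not ipfw's own source), the C sketch below parses `from HOST [PORT] to HOST [PORT]` with full-word keyword matching and accepts end of input after the destination port, next to a loose matcher that reproduces the "telnet"/"to" confusion. The first-letter matching rule, the `rule` struct, the function names and the one-entry service table are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parsed rule; not ipfw's real structures. 0 = any port. */
struct rule { char src[64], dst[64]; int sport, dport; };
typedef int (*kw_match)(const char *word, const char *kw);

/* Assumed loose matching: a word sharing the keyword's first letter wins. */
static int kw_loose(const char *w, const char *kw) { return w[0] == kw[0]; }
/* Full-word matching, as the message recommends. */
static int kw_strict(const char *w, const char *kw) { return strcmp(w, kw) == 0; }

/* Numeric port or a name from a tiny constructed table; -1 if unknown. */
static int resolve_port(const char *s) {
    char *end;
    long n = strtol(s, &end, 10);
    if (end != s && *end == '\0') return (n >= 1 && n <= 65535) ? (int)n : -1;
    if (strcmp(s, "telnet") == 0) return 23;   /* constructed sample entry */
    return -1;
}

/* Parse: from HOST [PORT] to HOST [PORT]. Returns 0 on success, -1 on error. */
static int parse_rule(int argc, const char **argv, kw_match is_kw, struct rule *r) {
    int i = 0;
    memset(r, 0, sizeof *r);
    if (i >= argc || !is_kw(argv[i++], "from") || i >= argc) return -1;
    snprintf(r->src, sizeof r->src, "%s", argv[i++]);
    if (i < argc && !is_kw(argv[i], "to"))     /* optional source port */
        if ((r->sport = resolve_port(argv[i++])) < 0) return -1;
    if (i >= argc || !is_kw(argv[i++], "to") || i >= argc) return -1;
    snprintf(r->dst, sizeof r->dst, "%s", argv[i++]);
    if (i < argc)                              /* optional destination port */
        if ((r->dport = resolve_port(argv[i++])) < 0) return -1;
    return i == argc ? 0 : -1;   /* end of input after the port is valid */
}

int main(void) {
    /* Constructed sample: the rule from the message, minus "ipfw addf accept tcp". */
    const char *args[] = {"from", "myhost", "telnet", "to", "somewhere"};
    struct rule r;
    int loose = parse_rule(5, args, kw_loose, &r);
    int strict = parse_rule(5, args, kw_strict, &r);
    printf("loose: %d  strict: %d (sport %d, dst %s)\n", loose, strict, r.sport, r.dst);
    return 0;
}
```

With the loose matcher, "telnet" is consumed as the `to` keyword and the rule is rejected; with full-word matching the same rule parses with source port 23.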