From owner-freebsd-hackers  Thu Mar  2 03:36:06 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id DAA12970 for hackers-outgoing; Thu, 2 Mar 1995 03:36:06 -0800
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id DAA12964 for <hackers@freebsd.org>; Thu, 2 Mar 1995 03:35:59 -0800
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id MAA10170 for hackers@freebsd.org; Thu, 2 Mar 1995 12:32:05 +0100
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199503021132.MAA10170@labinfo.iet.unipi.it>
Subject: Playing with ipfw...
To: hackers@FreeBSD.org
Date: Thu, 2 Mar 1995 12:32:05 +0100 (MET)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1548      
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

I have been playing with ipfw lately. Here are a few bugs/questions.
I'd also give the fixes, but I have misconfigured the firewall and I
cannot access it at the moment :)


[BUG] ipfw in its current form does not accept setting the destination
    port. Looking at the code, it actually accepts the port, but after
    expects a 'via' or something similar field.

    The fix is quite easy, just check if the parameter string is
    empty after the port number.

[BUG] the program does not look for full keywords [from,to] when
    parsing the string. Thus, if I say

       ipfw addf accept tcp from myhost telnet to somewhere

    it mistakes "telnet" for "to", and then complains that it cannot
    resolve "to" to a service name. Better check for full words, even if
    it takes more typing.

[COMMENT] Quite often, allowing a service requires a two-line
   specification. As an example, I am using

       ipfw addf accept udp from 0/0 520 to 0/0
       ipfw addf accept udp from 0/0 to 0/0 520

    to let routing information pass to hosts in the subnet.

    It would be nice to have a way to specify "one of the port
    numbers must be XXX". Is this supported by the system calls ?

	Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522
====================================================================