From owner-freebsd-hackers Thu Mar 2 11:18:42 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id LAA00797 for hackers-outgoing; Thu, 2 Mar 1995 11:18:42 -0800
Received: from dns.netvision.net.il (root@dns.NetVision.net.il [194.90.1.5]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id LAA00783 for ; Thu, 2 Mar 1995 11:18:33 -0800
Received: from ugen.NetManage.co.il (ugen.netmanage.co.il [192.114.78.165]) by dns.netvision.net.il (8.6.9/8.6.9) with SMTP id SAA03623; Thu, 2 Mar 1995 18:50:52 +0200
Date: Thu, 2 Mar 95 18:34:50 IST
From: "Ugen J.S.Antsilevich"
Subject: Re: Playing with ipfw...
To: Richard Wackerbarth , Luigi Rizzo
Cc: hackers@FreeBSD.org, ugen@netvision.net.il
X-Mailer: Chameleon 4.00-Arm-25, TCP/IP for Windows, NetManage Inc.
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

>In my opinion, it does not make much sense in the user interface to
>specify the source port. It would be less confusing to assume that
>a port is actually a service, and filter access to services. I'd
>like something like the following:
>
> accept tcp from source.host to dest.host portX
>
>to mean "source.host is allowed access to service on portX on dest.host"

But this one you have already:
This one allows access to the telnet port from outside...

    ipfw addf accept tcp from source.host to dest.host portX

And you probably do not need any other definition because packets
from dest.host to source.host were never denied...

--
-=Ugen J.S.Antsilevich=-
NetVision - Israeli Commercial Internet | Learning
E-mail: ugen@NetVision.net.il           | To Fly. [c]
Phone : +972-4-550330                   |