Date: Tue, 23 Mar 2004 06:20:25 -0800 (PST)
From: Marc Silver <marcs@draenor.org>
To: freebsd-doc@FreeBSD.org
Subject: Re: docs/64534: misfitting in two parts of man 8 ipfw about quantity of ports that may be specified in a rule
Message-ID: <200403231420.i2NEKPhT019097@freefall.freebsd.org>
The following reply was made to PR docs/64534; it has been noted by GNATS.

From: Marc Silver <marcs@draenor.org>
To: freebsd-gnats-submit@FreeBSD.org, chd@qq.org.ua
Cc:
Subject: Re: docs/64534: misfitting in two parts of man 8 ipfw about quantity of ports that may be specified in a rule
Date: Tue, 23 Mar 2004 16:14:00 +0200

This is a multi-part message in MIME format.
--------------030705040504080004000602
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hey there,

I've confirmed that this is indeed correct. IPFW2 is limited to 30 ports/ranges, and returns 'ipfw: getsockopt(IP_FW_ADD): Invalid argument' when trying to use more than 30, while IPFW1 complains more gracefully with 'ipfw: too many ports (max is 10)' when trying to use more than 10.

Here's a patch for ipfw.8 which hopefully corrects the problem.

Cheers,
Marc

--------------030705040504080004000602
Content-Type: text/plain; name="ipfw.8-patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ipfw.8-patch"

--- ipfw.8-orig Tue Mar 23 16:02:01 2004 +++ ipfw.8 Tue Mar 23 16:07:46 2004 @@ -831,8 +831,14 @@ Service names (from .Pa /etc/services ) may be used instead of numeric port values. -The length of the port list is limited to 30 ports or ranges, -though one can specify larger ranges by using an +The length of the port list is dependant on the version of +.Nm +being used; +.Nm ipfw1 +is limited to 10 ports or ranges, while +.Nm ipfw2 +increases this limit to 30. +One can specify larger ranges by using an .Em or-block in the .Cm options @@ -1819,7 +1825,7 @@ .It Port specifications .Nm ipfw1 only allows one port range when specifying TCP and UDP ports, and -is limited to 10 entries instead of the 15 allowed by +is limited to 10 entries instead of the 30 allowed by .Nm ipfw2 . Also, in .Nm ipfw1
--------------030705040504080004000602--
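
Review bot: In the first hunk (@@ -831), the added line "The length of the port list is dependant on the version of" misspells "dependent" and should read "is dependent on the version of". Since this paragraph now names both limits, it could also say what the user sees when a limit is exceeded, because per the message above the two versions fail differently: ipfw2 with "getsockopt(IP_FW_ADD): Invalid argument" and ipfw1 with "too many ports (max is 10)".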
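
Review bot: In the second hunk (@@ -1819), the unchanged context still says ipfw1 "only allows one port range", while the text added in the first hunk says ipfw1 "is limited to 10 ports or ranges"; the two statements should be reconciled so a reader does not conclude that ipfw1 accepts ten ranges. The limit is also stated numerically in both places, which is how the 15 and the 30 drifted apart, so consider keeping the numbers in one section and referring to it from the other.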