From owner-freebsd-doc@FreeBSD.ORG Tue Mar 23 06:20:26 2004 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 21E5016A4CE for ; Tue, 23 Mar 2004 06:20:26 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AA0943D48 for ; Tue, 23 Mar 2004 06:20:26 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i2NEKPbv019101 for ; Tue, 23 Mar 2004 06:20:25 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i2NEKPhT019097; Tue, 23 Mar 2004 06:20:25 -0800 (PST) (envelope-from gnats) Date: Tue, 23 Mar 2004 06:20:25 -0800 (PST) Message-Id: <200403231420.i2NEKPhT019097@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: Marc Silver Subject: Re: docs/64534: misfitting in two parts of man 8 ipfw aboutquantity of ports that may be specified in a rule X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Marc Silver List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Mar 2004 14:20:26 -0000 The following reply was made to PR docs/64534; it has been noted by GNATS. From: Marc Silver To: freebsd-gnats-submit@FreeBSD.org, chd@qq.org.ua Cc: Subject: Re: docs/64534: misfitting in two parts of man 8 ipfw about quantity of ports that may be specified in a rule Date: Tue, 23 Mar 2004 16:14:00 +0200 This is a multi-part message in MIME format. --------------030705040504080004000602 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hey there, I've confirmed that this is indeed correct. IPFW2 is limited to 30 ports/ranges, and returns 'ipfw: getsockopt(IP_FW_ADD): Invalid argument' when trying to use more than 30, while IPFW1 complains more gracefully with 'ipfw: too many ports (max is 10)' when trying to use more than 10. Here's a patch for ipfw.8 which hopefully corrects the problem. Cheers, Marc --------------030705040504080004000602 Content-Type: text/plain; name="ipfw.8-patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipfw.8-patch" --- ipfw.8-orig Tue Mar 23 16:02:01 2004 +++ ipfw.8 Tue Mar 23 16:07:46 2004 @@ -831,8 +831,14 @@ Service names (from .Pa /etc/services ) may be used instead of numeric port values. -The length of the port list is limited to 30 ports or ranges, -though one can specify larger ranges by using an +The length of the port list is dependant on the version of +.Nm +being used; +.Nm ipfw1 +is limited to 10 ports or ranges, while +.Nm ipfw2 +increases this limit to 30. +One can specify larger ranges by using an .Em or-block in the .Cm options @@ -1819,7 +1825,7 @@ .It Port specifications .Nm ipfw1 only allows one port range when specifying TCP and UDP ports, and -is limited to 10 entries instead of the 15 allowed by +is limited to 10 entries instead of the 30 allowed by .Nm ipfw2 . Also, in .Nm ipfw1 --------------030705040504080004000602--