Date:      Wed, 14 Dec 2005 11:16:09 +1100 (Australia/ACT)
From:      Darren Reed <avalon@caligula.anu.edu.au>
To:        borjamar@sarenet.es (Borja Marcos)
Cc:        freebsd-security@freebsd.org
Subject:   Re: Useful addition to ipfw
Message-ID:  <200512140016.jBE0G9T4021056@caligula.anu.edu.au>
In-Reply-To: <A20DB37F-36A2-42D1-8B05-EC14EE0858A1@sarenet.es> from "Borja Marcos" at Dec 13, 2005 04:59:54 PM


In some mail from Borja Marcos, sie said:
> 
> 
> Hello,
> 
> I've found myself in a situation where a simple data inspection  
> capability added to ipfw would be very useful.
> 
> I'm not thinking about anything especially sophisticated, but what  
> about adding an option to check byte values (or flags, similar to  
> tcpdump)?
> 
> An example rule could be: add deny udp from any to me 12345 udp[4]&234
> 
> being the rule true if byte 4 in the UDP packet AND the number 234 is  
> not zero.

I believe you could do that today, with IPFilter, if you expressed
the entire packet-matching part of the rule with BPF.

Darren
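
An added example, not part of the original thread and not ipfw or IPFilter code: a sketch of how the proposed `udp[4]&234` test evaluates against a raw IPv4 packet, assuming tcpdump's convention that `udp[n]` is indexed from the start of the UDP header. The function names and the constructed sample packets are hypothetical.

```python
import struct

def udp_byte_match(packet: bytes, offset: int, mask: int) -> bool:
    """Evaluate 'udp[offset] & mask' != 0 on a raw IPv4 packet (no link-layer header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length varies with options
    if ihl < 20 or packet[9] != 17:
        return False                      # malformed header, or protocol is not UDP
    frag = struct.unpack("!H", packet[6:8])[0]
    if frag & 0x1FFF:
        return False                      # non-first fragment carries no UDP header
    idx = ihl + offset                    # offset is relative to the UDP header
    if idx >= len(packet):
        return False                      # truncated packet: nothing to compare
    return (packet[idx] & mask) != 0

def build_ipv4_udp(payload: bytes, dport: int = 12345,
                   options: bytes = b"", frag: int = 0) -> bytes:
    """Constructed sample packet; checksums stay zero because they are not inspected."""
    ihl_words = 5 + len(options) // 4
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    total = ihl_words * 4 + len(udp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, frag,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + options + udp

if __name__ == "__main__":
    small = build_ipv4_udp(b"\xea")
    # udp[4] is the high byte of the UDP length field, not payload data.
    print("udp[4]&234 on 1-byte payload:", udp_byte_match(small, 4, 234))
    # The first payload byte is udp[8], after the 8-byte UDP header.
    print("udp[8]&234 on 1-byte payload:", udp_byte_match(small, 8, 234))
```

Under this indexing `udp[4]` falls inside the UDP length field, so the example rule keys on datagram size; payload bytes begin at `udp[8]`.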


