Date: 15 Jun 2001 22:04:20 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: Mike Silbersack <silby@silby.com>, Gerhard Sittig <Gerhard.Sittig@gmx.net>, "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG>
Subject: Re: apache security question
Message-ID: <xzpwv6do6gr.fsf@flood.ping.uio.no>
In-Reply-To: <20010615125253.B75938@mail.webmonster.de>
References: <20010614214542.K17514@speedy.gsinet> <20010615000706.M23752-100000@achilles.silby.com> <20010615125253.B75938@mail.webmonster.de>

"Karsten W. Rohrbach" <karsten@rohrbach.de> writes:
> i did not want to say that blackhole(4) is a replacement for ipf(4).
> since the b0rkedness of the rule parser, ipfw(4) is not an option
> anymore for me. try matching multiple destination ports in one rule :-/

Sure, it works just fine:

01700 allow tcp from 10.0.0.0/24 to me 21,22,5999 keep-state in recv xl0 setup
01800 allow tcp from 10.0.0.0/24 to me 49152-65535 keep-state in recv xl0 setup
01900 allow tcp from any to me 113,80,22 keep-state in recv xl0 setup

You're limited to six items (a range is a single item) per endpoint
per rule, and only the first item can be a range (due to a misfeature
in the parser), but it works fine.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
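
The port-list limits stated in the message above (six items per endpoint per rule, a range only in first position), as an added example that is not part of the original e-mail or of ipfw itself: Python that checks a port list against those limits and regroups a longer list into several rules of the same shape. The function names are assumptions of this example, and the limits are taken as stated in the message.

```python
# Added example: limits are taken from the message above (the ipfw parser of 2001).
MAX_ITEMS = 6  # items per endpoint per rule; a range counts as one item


def parse_item(item):
    """Return (lo, hi) for '80' or '49152-65535'; raise ValueError if invalid."""
    lo, _, hi = item.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port item: {item!r}")
    return lo, hi


def check_port_list(spec):
    """List the ways a comma-separated port list breaks the stated limits."""
    items = spec.split(",")
    problems = []
    if len(items) > MAX_ITEMS:
        problems.append(f"{len(items)} items, limit is {MAX_ITEMS}")
    for pos, item in enumerate(items):
        lo, hi = parse_item(item)
        if lo != hi and pos != 0:
            problems.append(f"range {item} at position {pos + 1}, must be first")
    return problems


def split_port_list(spec):
    """Regroup a port list into lists that each satisfy the limits."""
    items = spec.split(",")
    ranges = [i for i in items if len(set(parse_item(i))) == 2]
    singles = [i for i in items if i not in ranges]
    groups = []
    for r in ranges:  # each range opens its own rule, padded with singles
        groups.append([r] + singles[:MAX_ITEMS - 1])
        singles = singles[MAX_ITEMS - 1:]
    for n in range(0, len(singles), MAX_ITEMS):
        groups.append(singles[n:n + MAX_ITEMS])
    return [",".join(g) for g in groups]


def render_rules(first_num, src, spec, iface, step=100):
    """Emit ipfw rule lines in the same shape as the rules in the message."""
    return [
        f"{first_num + k * step:05d} allow tcp from {src} to me {ports} "
        f"keep-state in recv {iface} setup"
        for k, ports in enumerate(split_port_list(spec))
    ]
```

Because every generated rule carries the same action and match conditions, splitting one port list across consecutive rule numbers leaves the set of permitted connections unchanged.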