Date:      Sun, 22 Apr 2001 13:04:14 +0700
From:      Igor Podlesny <poige@morning.ru>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re[2]: ipfw problem
Message-ID:  <68144568768.20010422130414@morning.ru>



PP> On Sat, Apr 21, 2001 at 06:25:13PM +0100, Lee Smallbone wrote:
>> Hi Peter,
>> 
>>  Thanks for your workaround, although it's not quite what I'd hoped for. (Why does ipfw not allow
>>  ranges?? If the author is listening...)
>> 
>>  I thought I had it for one minute, where I found that ${ip} isn't defined until later on
>>  in the script. No such luck. 

PP> Hmm I didn't quite parse that - are you saying that ${ip} really isn't defined
PP> until later?  If so, has that solved your problem?

PP> And about the ranges - ipfw(8) is only a controlling interface to the kernel
PP> ipfw routines.
sure

PP> It would be *much* harder for the kernel to compare every
PP> packet's address against a range than it is to compare it against a netmask -
PP> the latter only involves a bitwise AND operator.

I rather don't agree with that statement, but consider, we should
decide what *MUCH* is in any case :)

And pay attention, plz -- it does check port ranges absolutely
easily.. I don't see any big difference between ports and IP addresses.
They are both represented as ordinary (not too big) numbers after all.

PP>   I wonder if ranges would
PP> be so hard to implement though; the fact is, they are not implemented at
PP> the moment, this would take some work, and actually, I'm not aware of any
PP> other firewalling system that implements ranges.  I would be VERY much out
PP> of my bailiwick here, though, because I've not dealt with that many other
PP> firewalling systems, but still, I think ranges are somewhat unusual in
PP> firewall rules :)

PP> G'luck,
PP> Peter

-- 
 Igor                            mailto:poige@morning.ru
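
The two comparisons debated in this thread, side by side, as an added example that is not part of the original message and is not ipfw's kernel code. It splits an address range into the fewest netmask blocks a mask-only rule set would need and checks that they match the same addresses as a direct range test; all function names, the `IP` macro and the sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct cidr { uint32_t net; int len; };   /* hypothetical helper type */

/* Netmask test from the thread: one bitwise AND, one compare. */
static int match_mask(uint32_t addr, struct cidr c) {
    uint32_t mask = c.len ? 0xFFFFFFFFu << (32 - c.len) : 0;
    return (addr & mask) == c.net;
}

/* Range test: two integer compares, the same shape as a port range. */
static int match_range(uint32_t a, uint32_t lo, uint32_t hi) { return a >= lo && a <= hi; }

/* Cover [lo, hi] with the fewest aligned blocks; returns the block count.
 * out[] needs room for 62 entries, the worst case for any IPv4 range. */
static int range_to_cidrs(uint32_t lo, uint32_t hi, struct cidr *out) {
    uint64_t cur = lo;                /* 64-bit so hi = 255.255.255.255 cannot wrap */
    int n = 0;
    while (cur <= hi) {
        int len = 32;
        while (len > 0) {             /* widen while aligned on cur and inside the range */
            uint64_t size = 1ULL << (33 - len);
            if ((cur & (size - 1)) || cur + size - 1 > hi) break;
            len--;
        }
        out[n].net = (uint32_t)cur;
        out[n++].len = len;
        cur += 1ULL << (32 - len);
    }
    return n;
}

/* Block count if mask rules and range test agree on all of [from, to], else -1. */
static int check_cover(uint32_t lo, uint32_t hi, uint32_t from, uint32_t to) {
    struct cidr c[62];
    int n = range_to_cidrs(lo, hi, c);
    for (uint64_t a = from; a <= to; a++) {
        int hit = 0;
        for (int i = 0; i < n; i++) hit |= match_mask((uint32_t)a, c[i]);
        if (hit != match_range((uint32_t)a, lo, hi)) return -1;
    }
    return n;
}

int main(void) {                      /* constructed range inside 192.0.2.0/24 */
    printf("%d blocks\n", check_cover(IP(192,0,2,5), IP(192,0,2,20), IP(192,0,2,0), IP(192,0,2,255)));
    return 0;
}
```

For 192.0.2.5 through 192.0.2.20 the cover is 192.0.2.5/32, 192.0.2.6/31, 192.0.2.8/29, 192.0.2.16/30 and 192.0.2.20/32: five mask rules where a range match would need one.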


