Date: Mon, 17 Mar 2008 20:15:12 GMT
From: Joao Rocha Braga Filho <goffredo@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/121807: Sugestion: TCP and UDP port_table in ipfw
Message-ID: <200803172015.m2HKFCU0085757@www.freebsd.org>
Resent-Message-ID: <200803172020.m2HKK1i6006066@freefall.freebsd.org>
>Number:         121807
>Category:       kern
>Synopsis:       Sugestion: TCP and UDP port_table in ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 17 20:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Joao Rocha Braga Filho
>Release:        6.2, 6.3 and 7.0
>Organization:
Paraty.com
>Environment:
>Description:
Why does a TCP/UDP port_table not exist for IPFW? It can solve the 30 items limit in an ipfw rule. It is good to use in QoS.

Example:

    ipfw add allow { tcp or udp } from any port_table(10) to any
    ipfw port_table 10 add 20,21,25,110,443,993,995,1025-65535

    # Deny bad ports
    ipfw add deny { tcp or udp } from any to any port_table(11)
    ipfw port_table 11 add 135,137-139,445

    ipfw add queue 100 udp from any port_table(20) to any
    ipfw port_table(20) add 123,53
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
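
Until something like the requested port_table exists, the 30-item limit the report mentions can be worked around by splitting a long port list across several rules. The script below is an added example, not part of the original report or of ipfw; `chunk_ports` and `emit_rules` are hypothetical helper names, and it assumes each port or range counts as one item against the limit.

```shell
#!/bin/sh
# Added example: split a long port list into chunks that fit the per-rule
# limit and print one ipfw rule per chunk (the rules are printed, not run).
# MAX_ITEMS=30 is the limit stated in the report; each port or range is
# assumed to count as one item.
MAX_ITEMS=30

# chunk_ports "p1,p2,lo-hi,..." -> one comma-separated chunk per line.
# Returns non-zero without printing chunks if an entry is not a port or range.
chunk_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -v max="$MAX_ITEMS" '
        NF == 0 { next }                       # skip empty entries
        $1 !~ /^[0-9]+(-[0-9]+)?$/ {           # reject anything but N or N-M
            print "bad port entry: " $1 > "/dev/stderr"; bad = 1; exit
        }
        { line = (n % max == 0) ? $1 : line "," $1; n++ }
        n % max == 0 { print line; line = "" } # chunk is full
        END { if (bad) exit 1; if (n % max != 0) print line }'
}

# emit_rules ACTION src|dst "ports" -> ipfw commands, one per chunk.
# Any single matching rule applies ACTION, so the split rules together
# behave like one rule with the whole list.
emit_rules() {
    action=$1
    side=$2
    chunks=$(chunk_ports "$3") || return 1
    printf '%s\n' "$chunks" | while IFS= read -r chunk; do
        [ -n "$chunk" ] || continue
        case $side in
            src) echo "ipfw add $action { tcp or udp } from any $chunk to any" ;;
            dst) echo "ipfw add $action { tcp or udp } from any to any $chunk" ;;
        esac
    done
}

# The report's own "bad ports" list fits in a single rule:
emit_rules deny dst "135,137-139,445"
```

Review the printed rules before loading them; each chunk becomes its own rule number in the ruleset.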