Date: Tue, 05 Oct 1999 14:06:10 -0500
From: Jenkins.Mike@epamail.epa.gov
To: dnelson@emsphone.com, ru@ucb.crimea.ua
Cc: questions@freebsd.org
Subject: Re: ipfw and ports > 1023?
Message-ID: <85256801.006877BD.00@EPAHUB2.RTP.EPA.GOV>

I wrote:
>> How do you say "ports > 1023" in ipfw?
>> I see the port-port syntax but that is for a limited range of ports.

Dan Nelson replied:
>port 1024-65535

Ruslan Ermilov replied with ipfw(8) and:
>So, we say "1024-".

My second sentence in the original post hinted about this but ...
In the ipfw(8) manual page it says:

"A range may only be specified as the first value, and the length of
the port list is limited to IP_FW_MAX_PORTS (as defined in
/usr/src/sys/netinet/ip_fw.h) ports."

IP_FW_MAX_PORTS is 10 so the maximum number of ports listed is 10.
So 20-29 would be ok (and so would 20-24,50,60,70,80,90) but
1024-65535 is NOT ok and probably results in 1024-1033.

I think the intent is to allow a small number of ports on a single
rule rather than having multiple rules. Eg:

    allow tcp from any to any 25,80,79

    allow tcp from any to any 25
    allow tcp from any to any 80
    allow tcp from any to any 79

Mike