From owner-freebsd-questions Tue Oct 5 13:13:58 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from merlin.rtpnc.epa.gov (merlin.rtpnc.epa.gov [134.67.208.148]) by hub.freebsd.org (Postfix) with ESMTP id EDEF61510B for ; Tue, 5 Oct 1999 13:13:44 -0700 (PDT) (envelope-from Jenkins.Mike@epamail.epa.gov)
Received: from myrtle.rtpnc.epa.gov by epamail.epa.gov (PMDF V5.1-12 #26439) with ESMTP id <0FJ5007PV9WPM0@epamail.epa.gov> for questions@freebsd.org; Tue, 5 Oct 1999 15:24:38 -0400 (EDT)
Received: from EPAHUB2.RTP.EPA.GOV by epamail.epa.gov (PMDF V5.1-12 #26438) with SMTP id <0FJ5007ZB938DR@epamail.epa.gov> for questions@freebsd.org; Tue, 05 Oct 1999 15:07:17 -0400 (EDT)
Received: by EPAHUB2.RTP.EPA.GOV(Lotus SMTP MTA v4.6.3 hotfix 1 (767.1 12-15-1998)) id 85256801.00688541 ; Tue, 05 Oct 1999 15:01:38 -0400
Date: Tue, 05 Oct 1999 14:06:10 -0500
From: Jenkins.Mike@epamail.epa.gov
Subject: Re: ipfw and ports > 1023?
To: dnelson@emsphone.com, ru@ucb.crimea.ua
Cc: questions@freebsd.org
Message-id: <85256801.006877BD.00@EPAHUB2.RTP.EPA.GOV>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
X-Lotus-FromDomain: EPA
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I wrote:
>> How do you say "ports > 1023" in ipfw?
>> I see the port-port syntax but that is for a limited range of ports.

Dan Nelson replied:
>port 1024-65535

Ruslan Ermilov replied with ipfw(8) and:
>So, we say "1024-".

My second sentence in the original post hinted about this but ...

In the ipfw(8) manual page it says:

"A range may only be specified as the first value, and the length of the port list is limited to IP_FW_MAX_PORTS (as defined in /usr/src/sys/netinet/ip_fw.h) ports."

IP_FW_MAX_PORTS is 10 so the maximum number of ports listed is 10. So 20-29 would be ok (and so would 20-24,50,60,70,80,90) but 1024-65535 is NOT ok and probably results in 1024-1033.

I think the intent is to allow a small number of ports on a single rule rather than having multiple rules. Eg:

    allow tcp from any to any 25,80,79

    allow tcp from any to any 25
    allow tcp from any to any 80
    allow tcp from any to any 79

Mike
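
A small checker for the two constraints in the ipfw(8) sentence quoted in this message, added here as an illustration; it is not code from the thread or from FreeBSD. It assumes that a range occupies two entries of the port list (its low and high bound) and that an omitted bound defaults to 0 or 65535; `parse_port_list` and `check` are hypothetical names.

```python
# Added example: models the two port-list constraints quoted from ipfw(8).
IP_FW_MAX_PORTS = 10  # value stated in the message above


def parse_port_list(spec):
    """Return (entries, slots) for an ipfw-style port list, or raise ValueError.

    entries is a list of (low, high) tuples; slots is how many of the
    IP_FW_MAX_PORTS entries the list uses. ASSUMPTION: a range uses two
    slots (its low and high bound), every single port uses one.
    """
    entries, slots = [], 0
    for index, item in enumerate(spec.split(",")):
        if "-" in item:
            if index != 0:
                raise ValueError("range may only be the first value: %r" % item)
            low_s, high_s = item.split("-", 1)
            # ASSUMPTION: an omitted bound ("1024-") defaults to 0 / 65535.
            low = int(low_s) if low_s else 0
            high = int(high_s) if high_s else 65535
            slots += 2
        else:
            low = high = int(item)
            slots += 1
        if not (0 <= low <= high <= 65535):
            raise ValueError("bad port value: %r" % item)
        entries.append((low, high))
    if slots > IP_FW_MAX_PORTS:
        raise ValueError("%d slots used, limit is %d" % (slots, IP_FW_MAX_PORTS))
    return entries, slots


def check(spec):
    """Return 'ok, N slot(s)' or the rejection reason for one port list."""
    try:
        return "ok, %d slot(s)" % parse_port_list(spec)[1]
    except ValueError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    # Constructed sample lists; the first three appear in the thread.
    for spec in ["25,80,79", "20-24,50,60,70,80,90", "1024-", "25,1024-",
                 "1,2,3,4,5,6,7,8,9,10,11"]:
        print("%-26s %s" % (spec, check(spec)))
```

Running the same check over a ruleset before loading it shows which port lists need to be split across several rules.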