Date: Wed, 5 Aug 2009 15:08:20 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Freddie Cash <fjwcash@gmail.com> Cc: freebsd-ipfw@freebsd.org, mira@chlastak.cz Subject: Re: Matching all protocols in /etc/protocols (1 rule) Message-ID: <20090805150508.B19821@sola.nimnet.asn.au> In-Reply-To: <b269bc570908041555x7e2701e2k403944f537125ab9@mail.gmail.com> References: <4A78B6DD.7060908@chlastak.cz> <b269bc570908041555x7e2701e2k403944f537125ab9@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 4 Aug 2009, Freddie Cash wrote:
> 2009/8/4 Miroslav Chlastak <mira@chlastak.cz>
>
> > Hi all,
> >
> > it's possible to create one rule to pass (or disable) all traffic (all
> > protocols - from /etc/protocols)?
> > I know, that I can use "all" keyword. But this keyword "all" mean only
> > "tcp, udp, icmp" protocols.
> > But there is more then tcp, udp and icmp protocol (gre,esp,ospf,...). If I
> > can allow all of this protocols, so at the moment I have to create 134 rules
> > (1 rule for 1 protocol from /etc/protocols).
> >
>
> If this is for IPFW, just use "ip" or "any". That will match any IP
> packets, regardless of what protocol data is inside the packet.
To be fussy, 'any' applies to addresses; 'ip' or 'all' is what's needed here:
protocol: [not] protocol-name | protocol-number
An IPv4 protocol specified by number or name (for a complete list
see /etc/protocols). The ip or all keywords mean any protocol
will match.
cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090805150508.B19821>