Date: Thu, 4 Oct 2001 07:18:35 -0400
From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org
Subject: ipfw question - hostname/address spec?
Message-ID: <20011004071834.A2458@acadia.ne.mediaone.net>

Hey all. I have a question about ipfw.

I am under the impression that it is ok to use a dns name for src or dest,
as in the following excerpt from my rc.firewall - IPADDR gets defined
correctly, and NEWS_SERVER is defined as news.ne.mediaone.net:

    ipfw add allow tcp from $IPADDR $UNPRIVPORTS to $NEWS_SERVER 119 \
         via $EXT_INTERFACE out
    ipfw add allow tcp from $NEWS_SERVER 119 to $IPADDR $UNPRIVPORTS \
         via $EXT_INTERFACE in established

but I get the following when testing the script:

    ipfw: error: hostname ``news.ne.mediaone.net'' unknown
    usage: ipfw [options]
        [pipe] flush
        add [number] rule
        [pipe] delete number ...
        [pipe] list [number ...]
        [pipe] show [number ...]
        zero [number ...]
        resetlog [number ...]
        pipe number config [pipeconfig]
      rule: [prob <match_probability>] action proto src dst extras...
        action: {allow|permit|accept|pass|deny|drop|reject|unreach code|
                   reset|count|skipto num|divert port|tee port|fwd ip|
                   pipe num} [log [logamount count]]
        proto: {ip|tcp|udp|icmp|<number>}
        src: from [not] {me|any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
        dst: to [not] {me|any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
      extras:
        uid {user id}
        gid {group id}
        fragment     (may not be used with ports or tcpflags)
        in
        out
        {xmit|recv|via} {iface|ip|any}
        {established|setup}
        tcpflags [!]{syn|fin|rst|ack|psh|urg},...
        ipoptions [!]{ssrr|lsrr|rr|ts},...
        tcpoptions [!]{mss|window|sack|ts|cc},...
        icmptypes {type[,type]}...
      pipeconfig:
        {bw|bandwidth} <number>{bit/s|Kbit/s|Mbit/s|Bytes/s|KBytes/s|MBytes/s}
        {bw|bandwidth} interface_name
        delay <milliseconds>
        queue <size>{packets|Bytes|KBytes}
        plr <fraction>
        mask {all| [dst-ip|src-ip|dst-port|src-port|proto] <number>}
        buckets <number>}
        {red|gred} <fraction>/<number>/<number>/<fraction>
        droptail

A similar error dump is generated for each rule using a hostname. I have
opened the dns ports by IP prior to using any hostnames.

Quoting from the handbook at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

    . . .
    The syntax used to specify an address/mask is:

        address or address/mask-bits or address:mask-pattern

    A valid hostname may be specified in place of the IP address.
    . . .

So this last says a hostname is ok. Anyone have any ideas? I'm still
confused.

Thanks for any help.

Lou
-- 
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

Juall's Law on Nice Guys:
  Nice guys don't always finish last; sometimes they don't finish.
  Sometimes they don't even get a chance to start!
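
Added example, not part of the original message: ipfw looks a hostname up once, at the moment the rule is added, so rules like the two above depend on name resolution working right then. The sketch below resolves the name first and prints the same two rules with numeric addresses, printing none at all if the name is unknown. The function names, the LOOKUP override and the use of getent(1) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# is_ipv4 ADDR: succeed only for a dotted-quad literal. The body runs in a
# subshell so the IFS change does not leak into the caller.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
)

# lookup_names HOST: print the addresses HOST resolves to, one per line.
# Assumption: getent(1) is installed; any resolver tool could be swapped in.
lookup_names() {
    getent hosts "$1" | awk '{ print $1 }'
}

# Lookup function to call; overridable so the logic can be exercised offline.
: "${LOOKUP:=lookup_names}"

# resolve_ipv4 NAME: print IPv4 addresses for NAME, fail if there are none.
resolve_ipv4() {
    if is_ipv4 "$1"; then echo "$1"; return 0; fi
    found=1
    for addr in $("$LOOKUP" "$1" 2>/dev/null); do
        if is_ipv4 "$addr"; then echo "$addr"; found=0; fi
    done
    return "$found"
}

# news_rules IPADDR UNPRIVPORTS SERVER IFACE: print the two NNTP rules from
# the post for each resolved address; print no rules if SERVER is unknown.
news_rules() {
    addrs=$(resolve_ipv4 "$3") || {
        echo "warning: cannot resolve $3, no news rules emitted" >&2
        return 1
    }
    for a in $addrs; do
        echo "ipfw add allow tcp from $1 $2 to $a 119 via $4 out"
        echo "ipfw add allow tcp from $a 119 to $1 $2 via $4 in established"
    done
}
```

The printed lines can be reviewed before being run, and the addresses in them are fixed until the rules are regenerated.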