Date: Wed, 8 May 2002 16:49:43 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: parv <parv@pair.com>
Cc: f-q <freebsd-questions@FreeBSD.ORG>
Subject: Re: converting from ipf to ipfw
Message-ID: <20020508163730.C35226-100000@localhost>
In-Reply-To: <20020508184329.GB52793@moo.holy.cow>

On Wed, 8 May 2002, parv wrote:

> i have been using ipfilter for a long time.  recent change in ipf
> source has disallowed use of "port" w/ "log" as an action.  for
> details, see thread: ipf - "log" problem when port is specified
> (after mar. 16 2002 source).
>
> now, i am thinking of switching to ipfw.  are there any pointers --
> besides editing/recompiling kernel -- for somebody who is coming
> from ipf background?  i will be using ipfw only as firewall; i don't
> have any need for natd yet.

Are you saying that because of that you are going to switch firewalls?

Changing the firewalls is not a trivial decision, and I would find if there
is a solution in my current firewall before I switch. I'd try to find a fix
with ipf before I switch. Did you try sending mail to the ipf list and asking
if that is a bug or a feature?

Besides, your problem is easily fixed: just change

log body in on tun0 from any to any port < 1025 group 200

to:

log body in on tun0 proto tcp from any to any port < 1025 group 200
log body in on tun0 proto udp from any to any port < 1025 group 200

In ipf, 'port' required either 'proto tcp' or 'proto udp' for as long as I
remember, at least with 'pass', 'block' or 'count'.

			Fer

>
>
>   - parv
>
> --
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
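
A small lint for the fix described in the reply above, as an added example that is not part of the original message: it finds ipf rules that match on `port` without naming a protocol and expands each into the `proto tcp` / `proto udp` pair. The names `fix_rule` and `fix_ruleset` are hypothetical, the sample ruleset is constructed, and the `tcp/udp` form comes from ipf(5), not from the thread.

```python
# Protocols for which ipf accepts a "port" match; "tcp/udp" is ipf(5)'s
# combined form (from the man page, not from the thread).
PORT_PROTOS = {"tcp", "udp", "tcp/udp"}


def fix_rule(rule):
    """Return the rule(s) to load in place of `rule`.

    A rule that matches on "port" but names no protocol is expanded into a
    "proto tcp" rule and a "proto udp" rule; anything else is kept as is.
    """
    body, sep, comment = rule.partition("#")
    tokens = body.split()
    if "port" not in tokens:
        return [rule]                      # no port match, blank or comment line
    if "proto" in tokens:
        i = tokens.index("proto")
        proto = tokens[i + 1] if i + 1 < len(tokens) else ""
        if proto in PORT_PROTOS:
            return [rule]                  # already in the corrected form
        raise ValueError(f"'port' with proto {proto!r} needs a manual fix: {rule!r}")
    if "from" not in tokens:
        raise ValueError(f"cannot place 'proto' in: {rule!r}")
    i = tokens.index("from")               # proto goes right before from/to
    tail = f" {sep}{comment}" if sep else ""
    return [" ".join(tokens[:i] + ["proto", p] + tokens[i:]) + tail
            for p in ("tcp", "udp")]


def fix_ruleset(text):
    """Apply fix_rule to every line of an ipf ruleset, preserving order."""
    fixed = []
    for line in text.splitlines():
        fixed.extend(fix_rule(line))
    return fixed


# Constructed sample: the rule from the thread plus one rule without a port match.
SAMPLE = """\
block in on tun0 from any to any
log body in on tun0 from any to any port < 1025 group 200
"""

if __name__ == "__main__":
    print("\n".join(fix_ruleset(SAMPLE)))
```

Running the output back through `fix_ruleset` changes nothing, so it can be applied to a ruleset that is already partly corrected.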