Sereciya :: Some thoughts on IPFW(2)
Luigi Rizzo
rizzo at icir.org
Thu Apr 3 23:28:09 PST 2003
hi,
> Unlike the documentation in the manpage*, the following syntax -- defined
> block/portnumber list/block -- is not correct:
>
> ipfw add NNNN allow tcp from some_ip to another_ip \{ port_num1, portnum2 \}
i do not believe this form is in the manpage, you certainly need
an "or" operator in a brace-enclosed block.
> Something that would be extremely useful would be support for an implied "and" clause...
there has always been an implicit AND between all components of
ipfw rules, either single match operations ("from xxx")
or or-blocks ("{ iplen 30 or src-port 100-200 }")
cheers
luigi
More information about the freebsd-ipfw mailing list
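
Added example (not part of the original message and not ipfw's own code): a small Python model of the matching semantics described in the reply, with an implicit AND across components and "or" inside a brace-enclosed block. It covers only the two options the reply names (iplen, and src-port with a single value or a range); the function names and packet dictionaries are constructed for illustration.

```python
def _atom(tokens):
    """One match option: 'iplen N' or 'src-port N' / 'src-port LO-HI'."""
    if len(tokens) != 2 or tokens[0] not in ("iplen", "src-port"):
        raise ValueError("not a match option: %r" % " ".join(tokens))
    field = tokens[0]
    lo, _, hi = tokens[1].partition("-")
    lo, hi = int(lo), int(hi or lo)
    return lambda pkt: lo <= pkt[field] <= hi


def compile_options(text):
    """Split an option string into components, each a predicate on a packet."""
    tokens, components, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "{":
            end = tokens.index("}", i)  # ValueError if the block is not closed
            alts, current = [], []
            # Alternatives inside the braces are separated by the word "or".
            for tok in tokens[i + 1:end] + ["or"]:
                if tok == "or":
                    alts.append(_atom(current))
                    current = []
                else:
                    current.append(tok)
            components.append(lambda pkt, alts=alts: any(a(pkt) for a in alts))
            i = end + 1
        else:
            components.append(_atom(tokens[i:i + 2]))
            i += 2
    return components


def matches(text, pkt):
    """Implicit AND: the packet must satisfy every component."""
    return all(c(pkt) for c in compile_options(text))


# Constructed sample: one single match followed by the or-block from the reply.
OPTIONS = "iplen 20-60 { iplen 30 or src-port 100-200 }"

if __name__ == "__main__":
    for pkt in ({"iplen": 40, "src-port": 150}, {"iplen": 40, "src-port": 5000}):
        print(pkt, matches(OPTIONS, pkt))
```

In this model a brace block holding bare, comma-separated port numbers is rejected, because each alternative has to be a complete match option joined to the next by "or".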