ssh/scp filtering, iplen problem
Oliver Fromme
olli at lurza.secnetix.de
Sat Sep 20 11:42:24 PDT 2003
Pawel Malachowski <pawmal-posting at freebsd.lublin.pl> wrote:
> On Sat, Sep 20, 2003 at 05:10:24PM +0200, Oliver Fromme wrote:
> > According to ipfw(8), there is an "iplen" option for
> > filtering -- but it filters on an exact size. What I
> > need is a way to specify a rule that matches on, say,
> > packets on port 22 that are larger than 1000 bytes.
> > Is that possible with IPFW2?
>
> Yes, thanks to Luigi it is possible to use iplen ranges.
Thanks, now I found it in 4-stable in the CVS repo.
Unfortunately I'm running 4.8-Release, which doesn't
have that feature. Well, 4.9 isn't too far in the
future, so I will just wait a little bit. :-)
Thanks for the hint, Pawel!
Regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"Unix gives you just enough rope to hang yourself --
and then a couple of more feet, just to be sure."
-- Eric Allman
More information about the freebsd-ipfw
mailing list