IPTABLES to IPFW for Packet Inspection Filtering
Daniel Walker
dwalker at zbi.com
Thu Apr 27 18:13:51 UTC 2006
hey all,
here's what I'm looking to do. I know it could be done with IPTABLES, but
as it's not available for Mac OS X, I'm trying to figure out how it
would be done in IPFW ...
RELAY is a workstation forwarding packets from a SOURCE workstation to all
DESTINATION end points. RELAY is able to receive all packets from SOURCE
bound for DESTINATION. I want RELAY to deny forwarding of packets from SOURCE
that are name resolution attempts to the DESTINATION DNS server, specifically
for host WWW.YAHOO.COM (for example). To do this I need to create a rule
that will look into the Data field of a DNS packet and match the query.
The Data field of a DNS query packet would be written in hex.
With IPTABLES I would write something like this:
RELAY # iptables -I FORWARD 1 -p udp --dport 53 -m string --algo bm --hex-string \
  "|01 00 00 01 00 00 00 00 00 00 03 77 77 77 05 79 61 68 6f 6f 03 63 6f 6d 00 00 01 00 01|" \
  -j DROP
How would I write this in IPFW? I cannot see how to apply a rule based
on the data of a packet. I've reviewed the man page of ipfw, but don't
see anything there. What am I missing?
Thanks.
Dan
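As an added illustration (not part of the original post), the following Python shows what the hex string in the iptables rule actually encodes: the DNS header fields after the 2-byte transaction ID, followed by the wire-format question for www.yahoo.com (type A, class IN). It builds that pattern from a hostname, parses a query payload back into a name, and shows the caveat that a fixed byte pattern is case-sensitive while DNS names are not. Assumptions: the "ff" in the posted string is treated as a typo for "6f" (the second 'o' of "yahoo"), and the sample payloads are constructed here.

```python
import struct

# Byte pattern from the post (with "ff" corrected to "6f"): flags and section counts
# that follow the 2-byte transaction ID, then the question for www.yahoo.com, A, IN.
POST_PATTERN = bytes.fromhex(
    "0100 0001 0000 0000 0000"
    "03 777777 05 7961686f6f 03 636f6d 00"
    "0001 0001"
)

def encode_question(name, qtype=1, qclass=1):
    """Wire-format question section: length-prefixed labels, root label, QTYPE, QCLASS."""
    labels = name.strip(".").split(".")
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return out + b"\x00" + struct.pack("!HH", qtype, qclass)

def iptables_pattern(name):
    """Bytes a '--hex-string' rule would carry for a standard recursive query for NAME."""
    # flags 0x0100 (RD set), QDCOUNT 1, ANCOUNT/NSCOUNT/ARCOUNT 0
    return struct.pack("!HHHHH", 0x0100, 1, 0, 0, 0) + encode_question(name)

def parse_question(payload):
    """Return (qname, qtype, qclass) from a DNS query payload, or None if malformed."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:        # must be a query carrying one question
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            return None
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n >= 0xC0 or pos + n > len(payload):  # no compression pointers in a query name
            return None
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def query_is_for(payload, name):
    """Case-insensitive match, the way a resolver sees the name (a raw byte match is not)."""
    q = parse_question(payload)
    return q is not None and q[0].lower() == name.lower()
```

Because the byte pattern is case-sensitive, a query for WWW.Yahoo.COM produces different bytes and would slip past the raw hex match even though it resolves the same name.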
More information about the freebsd-ipfw mailing list