IPFW rule syntax
nino80 at gmail.com
Wed Feb 28 17:10:57 UTC 2007
I have observed the following behavior in IPFW (note the asterisks):
ipfw add 1000 allow tcp from 10.1.2.3 1111 to 10.3.2.1 *9999* in
gets added to the rule list as:
01000 allow tcp from 10.1.2.3 1111 to 10.3.2.1 *dst-port 9999* in?
Why does IPFW convert my "9999" to "dst-port 9999" and "1111" doesn't
get converted to something like "src-port 1111"? Does someone know a
logical explanation for this or is this a halfway done attempt of
making the rules more readable?
This behavior is not a problem, but older versions of IPFW don't
exhibit it, so it was probably added for some reason.
More information about the freebsd-questions