IPFW rule syntax

n j nino80 at gmail.com
Wed Feb 28 17:10:57 UTC 2007


I have observed the following behavior in IPFW (note the asterisks):

ipfw add 1000 allow tcp from 1111 to *9999* in

gets added to the rule list as:

01000 allow tcp from 1111 to *dst-port 9999* in?

Why does IPFW convert my "9999" to "dst-port 9999" while "1111" doesn't
get converted to something like "src-port 1111"? Does anyone know a
logical explanation for this, or is this a half-done attempt at
making the rules more readable?

This behavior is not a problem, but older versions of IPFW don't
exhibit it, so it was probably added for some reason.



More information about the freebsd-questions mailing list