Unable to set rule using service name

Ian Smith smithi at nimnet.asn.au
Mon Jul 17 11:21:49 UTC 2017


On Mon, 17 Jul 2017 18:34:10 +0500, Kulamani Sethi wrote:
 > Hi Lan,
 > Thanks for your response!
 > 
 > Yes, it is a placeholders. Here is exact real example of service URL.
 > However it is a Intranet service, you may not access.
 > 
 > service URL1: https://vwddgdptv001.corp.intranet/RISC_1/GDPLogin.aspx
 > 
 > service URL2: https://vwddgdptv001.corp.intranet/GDPT_1/GDPLogin.aspx
 > 
 > Note: RISC_1 and GDPT_1 both are two different service running over a
 > common server.
 > 
 > I want to set some deny rule over RISC_1 only.

I'm sorry, I quite misunderstood your problem (and RW's response).

You cannot use ipfw for this purpose, as it only distinguishes source 
and/or destination IP addresses and/or TCP|UDP port numbers on packets.

You need something to distinguish between URLs, that isn't the firewall 
but something at a higher level, perhaps some sort of proxy?

cheers, Ian

 > *With best Regards,*
 > 
 > Kulamani Sethi,
 > Bangalore, India
 > Mob: 9686190111
 > 
 > On Fri, Jul 14, 2017 at 10:31 PM, Ian Smith <smithi at nimnet.asn.au> wrote:
 > 
 > > On Fri, 14 Jul 2017 16:43:56 +0530, Kulamani Sethi wrote:
 > >  > Hi,
 > >  > I want to set a rule for a particular service URL which running on a
 > > remote
 > >  > server.
 > >  > I know the IP but don't know the port number where that service is
 > > running.
 > >  > If i set rule for IP then it will applied for entire services running
 > > over
 > >  > there.
 > >  >
 > >  > There is a option in IPFW rule we can set either port number or name,
 > > but
 > >  > it does not accepting using name. Here is a example for my case.
 > >  >
 > >  > suppose URL for test1 service  http://x.x.x.x/test1
 > >  >                  URL for test2 service http://x.x.x.x/test2
 > >  >
 > >  > I tried a rule, "ipfw add 104 deny log  ip from x.x.x.x test1 to any".
 > > Got
 > >  > error "ipfw: missing "to'' ".
 > >  > *I want to set rule for test1 where I have no idea about port.*
 > >  > *Also please help me how to know port number if any way is there.*
 > >
 > > RW well described (in freebsd-questions@) the relationship between port
 > > numbers and service names in /etc/services; assuming you know the name,
 > > that gives you the number.  Are 'test1' and 'test2' real examples, or
 > > placeholders for real service names?
 > >
 > > In any case, you cannot specify a port number in a rule with proto 'ip';
 > > when specifying port/s you need to specify 'udp' or 'tcp' protocol.
 > >
 > > Can you give an example of the actual packets (protocol, port number/s)
 > > that you want to block?
 > >
 > > cheers, Ian
 > >
 > _______________________________________________
 > freebsd-ipfw at freebsd.org mailing list
 > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
 > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"


More information about the freebsd-questions mailing list