Unable to set rule using service name
Ian Smith
smithi at nimnet.asn.au
Mon Jul 17 11:21:49 UTC 2017
On Mon, 17 Jul 2017 18:34:10 +0500, Kulamani Sethi wrote:
> Hi Ian,
> Thanks for your response!
>
> Yes, they are placeholders. Here is an exact real example of a service URL.
> However, it is an intranet service; you may not be able to access it.
>
> service URL1: https://vwddgdptv001.corp.intranet/RISC_1/GDPLogin.aspx
>
> service URL2: https://vwddgdptv001.corp.intranet/GDPT_1/GDPLogin.aspx
>
> Note: RISC_1 and GDPT_1 are two different services running on a
> common server.
>
> I want to set a deny rule on RISC_1 only.
I'm sorry, I quite misunderstood your problem (and RW's response).
You cannot use ipfw for this purpose, as it only distinguishes source
and/or destination IP addresses and/or TCP|UDP port numbers on packets.
You need something to distinguish between URLs, that isn't the firewall
but something at a higher level, perhaps some sort of proxy?
cheers, Ian
> *With best Regards,*
>
> Kulamani Sethi,
> Bangalore, India
> Mob: 9686190111
>
> On Fri, Jul 14, 2017 at 10:31 PM, Ian Smith <smithi at nimnet.asn.au> wrote:
>
> > On Fri, 14 Jul 2017 16:43:56 +0530, Kulamani Sethi wrote:
> > > Hi,
> > > I want to set a rule for a particular service URL which is running on a
> > > remote server.
> > > I know the IP but don't know the port number where that service is
> > > running.
> > > If I set a rule for the IP then it will be applied to all services
> > > running there.
> > >
> > > There is an option in an IPFW rule to set either a port number or a name,
> > > but it does not accept using the name. Here is an example for my case.
> > >
> > > suppose URL for test1 service http://x.x.x.x/test1
> > > URL for test2 service http://x.x.x.x/test2
> > >
> > > I tried a rule, "ipfw add 104 deny log ip from x.x.x.x test1 to any".
> > > Got the error "ipfw: missing "to'' ".
> > > *I want to set a rule for test1 where I have no idea about the port.*
> > > *Also please help me how to know the port number if there is any way.*
> >
> > RW well described (in freebsd-questions@) the relationship between port
> > numbers and service names in /etc/services; assuming you know the name,
> > that gives you the number. Are 'test1' and 'test2' real examples, or
> > placeholders for real service names?
> >
> > In any case, you cannot specify a port number in a rule with proto 'ip';
> > when specifying port/s you need to specify 'udp' or 'tcp' protocol.
> >
> > Can you give an example of the actual packets (protocol, port number/s)
> > that you want to block?
> >
> > cheers, Ian
> >
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
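Added example (not part of the thread, and not a FreeBSD tool): a short POSIX sh script that makes both of Ian's points concrete. url_endpoint reduces a URL to the (host, port) pair a packet filter can actually see, which is identical for the RISC_1 and GDPT_1 URLs above; svc_port resolves a service name to a number the way ipfw does, via /etc/services (a constructed excerpt is embedded so the script runs offline); deny_rule builds a rule ipfw will accept, refusing proto ip when a port is given. The rule is printed rather than executed, and host 10.0.0.5 is a made-up address.

```sh
#!/bin/sh
# Added example for the freebsd-ipfw thread above; not code from the thread
# or from FreeBSD. Host 10.0.0.5 and the services excerpt are constructed.

# Constructed excerpt of /etc/services, so this runs without the real file.
SERVICES_DB='# service   port/proto   aliases
http        80/tcp       www www-http
https       443/tcp
https       443/udp
domain      53/tcp
domain      53/udp'

# url_endpoint URL -> prints "host port": all a packet filter can match on.
# The path (/RISC_1/... vs /GDPT_1/...) is inside the TLS payload and never
# reaches ipfw, so two URLs on one server map to the same endpoint.
url_endpoint() {
    url=$1
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport
             case $scheme in
                 http)  port=80 ;;
                 https) port=443 ;;
                 *) echo "url_endpoint: unknown scheme '$scheme'" >&2; return 1 ;;
             esac ;;
    esac
    printf '%s %s\n' "$host" "$port"
}

# svc_port NAME PROTO -> prints the port number from the services table,
# exit 1 if NAME/PROTO is not listed (this is the name lookup ipfw performs).
svc_port() {
    printf '%s\n' "$SERVICES_DB" | awk -v n="$1" -v p="$2" '
        /^#/ { next }
        $1 == n && split($2, a, "/") == 2 && a[2] == p { print a[1]; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# deny_rule NUM HOST PROTO PORT_OR_NAME -> prints an ipfw command that blocks
# clients reaching HOST on that port. Port matching needs tcp or udp; with
# proto "ip" ipfw parses the port token as junk and complains ("missing to").
# Note the rule blocks every service behind that port, not one URL path.
deny_rule() {
    num=$1; host=$2; proto=$3; svc=$4
    case $proto in
        tcp|udp) ;;
        *) echo "deny_rule: ports need proto tcp or udp, not '$proto'" >&2; return 1 ;;
    esac
    case $svc in
        *[!0-9]*) port=$(svc_port "$svc" "$proto") \
                      || { echo "deny_rule: unknown service $svc/$proto" >&2; return 1; } ;;
        *)        port=$svc ;;
    esac
    printf 'ipfw add %s deny log %s from any to %s %s\n' "$num" "$proto" "$host" "$port"
}

# Usage: both intranet URLs from the thread collapse to one endpoint.
url_endpoint https://vwddgdptv001.corp.intranet/RISC_1/GDPLogin.aspx
url_endpoint https://vwddgdptv001.corp.intranet/GDPT_1/GDPLogin.aspx
# A rule ipfw accepts (resolving the name), versus the rejected proto-ip form.
deny_rule 104 10.0.0.5 tcp https
deny_rule 104 10.0.0.5 ip https || true
```

Because both URLs yield the same host and port 443, the only rule ipfw can express denies the whole HTTPS listener. Separating RISC_1 from GDPT_1 has to happen where the request path is visible, that is, in a reverse proxy or the web server in front of the application, as Ian says.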