ipf question

Rudolf Polzer divzero at gmail.com
Wed Jan 19 10:36:54 PST 2005


["Followup-To:" header set to muc.lists.freebsd.security.]
»Erick Mechler« <emechler at techometer.net> wrote:
> :: pass in quick on xl0 proto tcp/udp from any to any port 137 <> 139 keep
> :: state
> 
> This line allows in all tcp and udp ports less than 137 and greater than 
> 139, which is exactly what you don't want :)  If you want to allow all 
> ports 137-139 inclusive, you need to change it to
> 
>   ... port 136 >< 140 keep state
> 
> The < and > operators are not inclusive.

I know it has been defined like that. But why?

Why wasn't an inclusive .. operator used? There must be a reason for this, but
which one is it?
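
The range semantics described in the quoted reply, as an added example that is not part of the original thread: a small Python model of the `<>` and `><` port operators that audits a rule against the inclusive range the administrator intended. The function names and the `ORIGINAL`/`FIXED` constants are hypothetical; the operator behaviour is taken only from the description above.

```python
import re

# Port clause of an ipf rule that uses a range operator: "port <lo> <op> <hi>".
PORT_RANGE = re.compile(r"\bport\s+(\d+)\s*(<>|><)\s*(\d+)")

# Rule text quoted in the thread; the corrected form is given there only as a clause.
ORIGINAL = "pass in quick on xl0 proto tcp/udp from any to any port 137 <> 139 keep state"
FIXED = "port 136 >< 140 keep state"

def matches(op, lo, hi, port):
    """Range semantics as described in the thread: neither operator includes its bounds."""
    if op == "><":                      # inside the range: lo < port < hi
        return lo < port < hi
    if op == "<>":                      # outside the range: port < lo or port > hi
        return port < lo or port > hi
    raise ValueError(f"unknown range operator: {op}")

def matched_ports(rule):
    """Return the set of ports (0-65535) that the rule's port clause matches."""
    m = PORT_RANGE.search(rule)
    if m is None:
        raise ValueError("no port range clause found")
    lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
    return {p for p in range(65536) if matches(op, lo, hi, p)}

def inclusive_clause(first, last):
    """Build the '><' clause that matches first..last inclusive."""
    # The exclusive bounds must themselves be valid port numbers.
    if not (0 < first <= last < 65535):
        raise ValueError("range cannot be expressed with exclusive bounds")
    return f"port {first - 1} >< {last + 1}"

def audit(rule, first, last):
    """Compare what a rule matches with the inclusive range that was intended."""
    got, wanted = matched_ports(rule), set(range(first, last + 1))
    return {"missing": len(wanted - got),   # intended ports the rule does not match
            "extra": len(got - wanted),     # ports matched beyond the intended range
            "suggest": inclusive_clause(first, last)}

if __name__ == "__main__":
    for rule in (ORIGINAL, FIXED):
        print(rule, "->", audit(rule, 137, 139))
```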

