Firewall Wizards mailing list archives

Re: Ipfwadm

From: Bret <bret () rehost com>
Date: Wed, 28 Apr 1999 17:55:33 -0400

---Reply to mail from Bluefish [@ home] about Ipfwadm

Can ipfwadm be setup with a rule which denies all ports between 1 and 1023
? All I find are rules which restrict singel ports...

Did you check the man page??  Its there..  Before you reply saying that
you didnt have the disk space (8 megs uncompressed) or didnt install them
or couldnt find it or ...  I have included the man page sections that
answer the question..  

I sometimes wonder why people find it easier to ask questions on lists
rather than read man pages (which seems to be the last place people look
for documentation)

From the man page:


       -S address[/mask] [port ...]
..
              either  a  port specification or an ICMP type.  One
              of these specifications may be a range of ports, in
              the  format port:port.  Furthermore, the total num-
              ber of ports specified with the source and destina-
              tion   addresses   should   not   be  greater  than
              IP_FW_MAX_PORTS (currently 10).  Here a port  range
              counts as 2 ports.

So if I were to do:
ipfwadm -I -a deny -S 0.0.0.0/0 1:1023 -P tcp -o
ipfwadm -I -a deny -S 0.0.0.0/0 1:1023 -P udp -o
    { you have to specify the protocol when you do ports, so ... }
it would block those ports from connecting in..  This works with the -D
option as well, as its usage is the same as -S..

       -D address[/mask] [port ...]
              Destination  specification  (optional).   See   the
              desciption  of  the -S (source) flag for a detailed
              description of  the  syntax,  default  values,  and
              other  requirements.   Note that ICMP types are not
              allowed in combination with the -D flag: ICMP types
              can only be specified after the the -S flag.


-- 
Bret McDanel                                    http://www.rehost.com
Realistic Technologies, Inc.                             973-514-1144

     These opinions are mine, and may not be the same as my employer

Current thread:

Ipfwadm Bluefish [@ home] (Apr 28)
- Re: Ipfwadm Paul Marcus (Apr 28)
- Re: Ipfwadm dreamwvr (Apr 28)
- Re: Ipfwadm Bret (Apr 28)
  - Re: Ipfwadm Bluefish [@ home] (Apr 29)
- <Possible follow-ups>
- Re: Ipfwadm Robert Graham (Apr 29)