Freddie Cash wrote:
On March 19, 2008 01:43 pm Freddie Cash wrote:
On March 19, 2008 01:34 pm Freddie Cash wrote:
Just curious if the following rule will work correctly. It is
accepted by the ipfw command. In the process of working out a test
for it, but thought I'd ask here as well, just to be sure.
ipfw add allow { tcp or udp } from me to any 53 out xmit fxp0
ipfw add allow { tcp or udp } from any 53 to me in recv fxp0 established
Will the UDP packets go through correctly, even though "established"
has no meaning for UDP streams, and the ipfw command will barf if you
use it with just "ipfw add udp" rules?
Hmm, from the looks of things, it doesn't work. Even though it
specifies both tcp and udp, the rule only matches tcp packets from an
established connection.
Perhaps a warning or error should be given when you try to use TCP
options on rules that aren't TCP-specific?
Or am I missing something here?
Guess I should probably have included a test case. From "ipfw show"
output:
00100 3 162 allow { tcp or udp } from me to any dst-port 53 out xmit fxp0
00110 0 0 allow { tcp or udp } from any 53 to me in recv fxp0 established
00120 3 409 allow { tcp or udp } from any 53 to me in recv fxp0
With a "deny ip from any to any" rule in place of the last rule, UDP DNS
requests fail.
"count log" is the best thing to use for test cases.
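The warning asked for earlier in the thread, written up as an added example (it is not code from the thread, from FreeBSD or from ipfw itself): a small lint over `ipfw show` output that flags any rule carrying a TCP-only option such as `established` or `setup` while its protocol list names something other than tcp, and proposes splitting it into a TCP rule that keeps the option and one rule per other protocol without it. The sample input is the three rules posted above, reproduced here as constructed test data; the set of TCP-only option names is this example's own transcription from ipfw(8), and the function names (`parse_show_line`, `lint`, `split_rule`, `lint_show_output`) are the example's own.

```python
"""Lint `ipfw show` output for TCP-only options on rules whose protocol
list includes non-TCP protocols (example code, not part of the thread)."""
from dataclasses import dataclass

# TCP-only options, transcribed from ipfw(8) for this example. Each one
# tests TCP header state, so a rule carrying any of them can only match a
# TCP packet no matter what the protocol specification says.
TCP_ONLY_FLAGS = {"established", "setup"}                 # no argument
TCP_ONLY_WITH_ARG = {"tcpflags", "tcpoptions", "tcpwin",
                     "tcpseq", "tcpack", "tcpdatalen"}    # one argument
TCP_ONLY = TCP_ONLY_FLAGS | TCP_ONLY_WITH_ARG

# Constructed sample: the three rules from the thread as `ipfw show` prints
# them (rule number, packet counter, byte counter, then the rule itself).
SAMPLE_IPFW_SHOW = """\
00100 3 162 allow { tcp or udp } from me to any dst-port 53 out xmit fxp0
00110 0 0 allow { tcp or udp } from any 53 to me in recv fxp0 established
00120 3 409 allow { tcp or udp } from any 53 to me in recv fxp0
"""


@dataclass
class Rule:
    number: int
    pkts: int
    nbytes: int
    action: str      # e.g. "allow", "deny log", "count log"
    protos: list     # e.g. ["tcp", "udp"] for "{ tcp or udp }"
    body: list       # remaining tokens: addresses, ports, directions, options


def parse_show_line(line):
    """Parse one `ipfw show` line. Understands `{ a or b }` protocol lists
    and an optional `log` after the action; everything else stays in body."""
    tok = line.split()
    number, pkts, nbytes = int(tok[0]), int(tok[1]), int(tok[2])
    i = 3
    action = tok[i]
    i += 1
    if i < len(tok) and tok[i] == "log":          # "deny log", "count log"
        action += " log"
        i += 1
    if tok[i] == "{":                             # protocol list
        j = tok.index("}", i)
        protos = [t for t in tok[i + 1:j] if t != "or"]
        i = j + 1
    else:
        protos = [tok[i]]
        i += 1
    return Rule(number, pkts, nbytes, action, protos, tok[i:])


def lint(rule):
    """Findings for a rule that pairs a TCP-only option with non-TCP protos."""
    non_tcp = [p for p in rule.protos if p != "tcp"]
    used = [t for t in rule.body if t in TCP_ONLY]
    if not non_tcp or not used:
        return []
    return [f"rule {rule.number:05d}: '{opt}' is TCP-only, so only TCP can "
            f"match; {'/'.join(non_tcp)} traffic falls through to later rules"
            for opt in used]


def split_rule(rule):
    """Rewrite a flagged rule: the tcp rule keeps the TCP-only options, every
    other listed protocol gets the same rule with those options removed."""
    stripped, skip = [], 0
    for t in rule.body:
        if skip:                      # argument of a TCP-only option
            skip -= 1
            continue
        if t in TCP_ONLY_WITH_ARG:
            skip = 1
            continue
        if t in TCP_ONLY_FLAGS:
            continue
        stripped.append(t)
    return [f"ipfw add {rule.number} {rule.action} {p} "
            f"{' '.join(rule.body if p == 'tcp' else stripped)}"
            for p in rule.protos]


def lint_show_output(text):
    """Lint every line of `ipfw show` output. Returns (findings, rewrites).
    Rules on `ip`/`all` are reported but not rewritten, because dropping the
    option there would widen the rule to all traffic instead of fixing it."""
    findings, rewrites = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rule = parse_show_line(line)
        found = lint(rule)
        findings += found
        if found and all(p not in ("ip", "all") for p in rule.protos):
            rewrites += split_rule(rule)
    return findings, rewrites


if __name__ == "__main__":
    found, fixed = lint_show_output(SAMPLE_IPFW_SHOW)
    print("\n".join(found))
    print("\n".join(fixed))
```

On the sample, only rule 00110 is flagged, which matches the zero packet counter it shows in the thread while rule 00120 picked up the UDP replies; the proposed rewrite is a `tcp ... established` rule followed by a plain `udp` rule with the same addresses and interface.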
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"