ssh/scp filtering, iplen problem
Luigi Rizzo
rizzo at icir.org
Sat Sep 20 12:14:33 PDT 2003
On Sat, Sep 20, 2003 at 08:42:21PM +0200, Oliver Fromme wrote:
> Pawel Malachowski <pawmal-posting at freebsd.lublin.pl> wrote:
> > On Sat, Sep 20, 2003 at 05:10:24PM +0200, Oliver Fromme wrote:
> > > According to ipfw(8), there is an "iplen" option for
> > > filtering -- but it filters on an exact size. What I
> > > need is a way to specify a rule that matches on, say,
> > > packets on port 22 that are larger than 1000 bytes.
> > > Is that possible with IPFW2?
> >
> > Yes, thanks to Luigi it is possible to use iplen ranges.
>
> Thanks, now I found it in 4-stable in the CVS repo.
> Unfortunately I'm running 4.8-Release, which doesn't
the changes only involve sys/netinet/ip_fw2.[ch] sbin/ipfw/ipfw2.c
are completely backward compatible.
cheers
luigi
> have that feature. Well, 4.9 isn't too far in the
> future, so I will just wait a little bit. :-)
>
> Thanks for the hint, Pawel!
>
> Regards
> Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "Unix gives you just enough rope to hang yourself --
> and then a couple of more feet, just to be sure."
> -- Eric Allman
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
More information about the freebsd-ipfw
mailing list