Matching all protocols in /etc/protocols (1 rule)
Ian Smith
smithi at nimnet.asn.au
Wed Aug 5 05:23:24 UTC 2009
On Tue, 4 Aug 2009, Freddie Cash wrote:
> 2009/8/4 Miroslav Chlastak <mira at chlastak.cz>
>
> > Hi all,
> >
> > Is it possible to create one rule to pass (or disable) all traffic (all
> > protocols - from /etc/protocols)?
> > I know that I can use the "all" keyword. But this keyword "all" means only
> > "tcp, udp, icmp" protocols.
> > But there are more protocols than tcp, udp and icmp (gre, esp, ospf, ...). If I
> > want to allow all of these protocols, at the moment I have to create 134 rules
> > (1 rule for 1 protocol from /etc/protocols).
> >
>
> If this is for IPFW, just use "ip" or "any". That will match any IP
> packets, regardless of what protocol data is inside the packet.

To be fussy, 'any' applies to addresses; 'ip' or 'all' is what's needed here:

     protocol: [not] protocol-name | protocol-number
             An IPv4 protocol specified by number or name (for a complete list
             see /etc/protocols).  The ip or all keywords mean any protocol
             will match.

cheers, Ian