Matching all protocols in /etc/protocols (1 rule)

Ian Smith smithi at nimnet.asn.au
Wed Aug 5 05:23:24 UTC 2009


On Tue, 4 Aug 2009, Freddie Cash wrote:
 > 2009/8/4 Miroslav Chlastak <mira at chlastak.cz>
 > 
 > > Hi all,
 > >
 > > it's possible to create one rule to pass (or disable) all traffic (all
 > > protocols - from /etc/protocols)?
 > > I know, that I can use "all" keyword. But this keyword "all" mean only
 > > "tcp, udp, icmp" protocols.
 > > But there is more then tcp, udp and icmp protocol (gre,esp,ospf,...). If I
 > > can allow all of this protocols, so at the moment I have to create 134 rules
 > > (1 rule for 1 protocol from /etc/protocols).
 > >
 > 
 > If this is for IPFW, just use "ip" or "any".  That will match any IP
 > packets, regardless of what protocol data is inside the packet.

To be fussy, 'any' applies to addresses; 'ip' or 'all' is what's needed here:

     protocol: [not] protocol-name | protocol-number
             An IPv4 protocol specified by number or name (for a complete list
             see /etc/protocols).  The ip or all keywords mean any protocol
             will match.

cheers, Ian


More information about the freebsd-ipfw mailing list