beginner's question about proper syntax
Michal
ml at infosec.pl
Wed Jun 2 12:23:26 UTC 2010
Hello,
I don't have to worry about backward compatibility and I would like to
go with 'modern' syntax for rule body.
Are these two rules equal and exactly the same for ipfw? Is there any
overhead or drawbacks of using one and not the other?
example 1:
allow tcp from me $ports_range_bc to any 80 out via $if_ext setup
keep-state uid $user_regular
example 2:
allow out via $if_ext proto tcp src-ip me src-port $ports_range_bc
dst-ip any dst-port 80 uid $user_regular setup keep-state
After loading and listing my rules I can see that example 2 was
processed as:
allow ip from any to any out via wlan0 proto tcp src-ip me src-port
1024-65535 dst-port 80 uid michal setup keep-state
Michal
--
"Et ipsa scientia potestas est." -- Francis Bacon
More information about the freebsd-ipfw
mailing list