From owner-freebsd-questions Wed May 8 5:47:33 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from chicken.orbitel.bg (chicken100.orbitel.bg [195.24.32.21]) by hub.freebsd.org (Postfix) with SMTP id 7883137B403 for ; Wed, 8 May 2002 05:47:28 -0700 (PDT)
Received: (qmail 15603 invoked from network); 8 May 2002 12:47:25 -0000
Received: from unknown (HELO procreditbank.com) (212.95.171.80) by chicken.orbitel.bg with SMTP; 8 May 2002 12:47:25 -0000
Received: from itaush [172.16.248.203] by Proxy+; Wed, 08 May 2002 15:47:18 +0300 for
From: "Ivailo Tanusheff"
To:
Subject: RE: ipf - "log" problem when port is specified (after mar. 16 2002 source)
Date: Wed, 8 May 2002 15:47:18 +0300
Message-ID: <006c01c1f68e$7cca34a0$cbf810ac@sof.procreditbank.bg>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020507204844.GA43365@moo.holy.cow>
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Maybe you must try specifying the protocol for this rule. As you need a port range for the rule, try tcp, udp or tcp/udp.

Ivailo Tanusheff

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of parv
Sent: Tuesday, May 07, 2002 11:49 PM
To: f-q
Subject: ipf - "log" problem when port is specified (after mar. 16 2002 source)

After upgrading to FreeBSD -stable (May 2 2002) and ipf source dated Apr. 27 2002, with the following ipf rule...

log body in on tun0 from any to any port < 1025 group 200

...I get the error message...

111: cannot use port and neither tcp or udp

...where 111 is the line number of the quoted rule.

I didn't have this problem with FreeBSD -stable source as of Mar. 16 2002. I don't want to log every blocked packet as that would be unnecessary (for me), only (blocked) traffic on some ports. Is there any way to do logging based on port number/range? I am thinking of filing a PR.

Below are some ipf rules to give you an idea...

block out from any to any
block in from any to any
pass in quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 300
pass out quick on lo0 from 127.0.0.1/24 to 127.0.0.1/24 head 500
block in on tun0 from any to any head 200
#log body in on tun0 from any to any port < 1025 group 200
#log body in on tun0 from any to any port = 8000 group 200
#log body in on tun0 from any to any port = 8080 group 200
block out on tun0 from any to any head 400
pass out quick on tun0 proto tcp from any to any keep state keep frags group 400
pass out quick on tun0 proto udp from any to any keep state group 400

- parv

--
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
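The rule forms the thread is talking about, as an added illustration that is not part of either message: the rule as parv posted it next to the forms ipf accepts once a protocol is named, as Ivailo suggests. Interface name and group numbers are taken from the posted ruleset; everything else is an assumption for the example.

```conf
# Added example (not from the thread). ipf refuses a "port" clause unless the
# rule also names a protocol, so each logging rule below carries "proto tcp",
# "proto udp" or "proto tcp/udp". Interface tun0 and group 200 follow the
# ruleset in the original post.

block in on tun0 from any to any head 200

# As posted: rejected with "cannot use port and neither tcp or udp"
#log body in on tun0 from any to any port < 1025 group 200

# Accepted: log only blocked TCP and UDP traffic aimed at ports below 1025
log body in on tun0 proto tcp/udp from any to any port < 1025 group 200

# Accepted: log only blocked TCP traffic aimed at ports 8000 and 8080
log body in on tun0 proto tcp from any to any port = 8000 group 200
log body in on tun0 proto tcp from any to any port = 8080 group 200
```

Parse the file without loading it with `ipf -n -f <file>` (`-n` makes no changes to the running kernel), then load it and watch the entries with `ipmon`. Two things to keep in mind: `proto tcp/udp` means ICMP and other protocols the `head 200` rule blocks are not logged by these rules, and `port` here matches the destination port, so a client's own high source ports are not what triggers the log entry.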