From owner-freebsd-questions@FreeBSD.ORG Wed Feb 28 17:10:57 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 31C9416A401 for ; Wed, 28 Feb 2007 17:10:57 +0000 (UTC) (envelope-from nino80@gmail.com) Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.181]) by mx1.freebsd.org (Postfix) with ESMTP id BE37E13C428 for ; Wed, 28 Feb 2007 17:10:56 +0000 (UTC) (envelope-from nino80@gmail.com) Received: by ik-out-1112.google.com with SMTP id c21so123989ika for ; Wed, 28 Feb 2007 09:10:55 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=V8ZRxPFATWVcmrPtqwz2mdqbVJkmwT9F3ltp2ZHbHAiwBFBUQTFalegaRHi54RI2faYjcXJaoAfUN2+Oj8d8mOQdrtkxtxbG1ib1COaGsk6w5pWLfdIMDChA22GJcbylbOJj37ZNhJ6Nrirlb0tnk+ZvQ0+KzdoVI9NtH7kZ4fE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=JOTxKke25qDRlE14CdSnqqoxkwiqgZ3IPNDNGHdJNzXzem+w/e9CfZFoYMg80HTVL4CF9FH2AlblEcr/G4WaD8ml6xxcK8K0s/IPaoVPiKzyurOpDsxGhbm2hyWF2r9bVHfzWhptKU0W2Dp06JSM/hz1jGB+xFvCcbkLdeIfuqA= Received: by 10.114.137.2 with SMTP id k2mr226117wad.1172682650409; Wed, 28 Feb 2007 09:10:50 -0800 (PST) Received: by 10.114.203.7 with HTTP; Wed, 28 Feb 2007 09:10:50 -0800 (PST) Message-ID: <92bcbda50702280910g12a531d7ve7062e8f4e25261f@mail.gmail.com> Date: Wed, 28 Feb 2007 18:10:50 +0100 From: "n j" To: "FreeBSD Questions" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: IPFW rule syntax X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2007 17:10:57 -0000 Hello, I have observed the following behavior in IPFW (note the asterisks): ipfw add 1000 allow tcp from 10.1.2.3 1111 to 10.3.2.1 *9999* in gets added to the rule list as: 01000 allow tcp from 10.1.2.3 1111 to 10.3.2.1 *dst-port 9999* in? Why does IPFW convert my "9999" to "dst-port 9999" and "1111" doesn't get converted to something like "src-port 1111"? Does someone know a logical explanation for this or is this a halfway done attempt of making the rules more readable? This behavior is not a problem, but older versions of IPFW don't exhibit it, so it was probably added for some reason. Thanks! -- Nino