Date: Thu, 27 Apr 2006 14:13:02 -0400
From: Daniel Walker <dwalker@zbi.com>
To: freebsd-ipfw@freebsd.org
Subject: IPTABLES to IPFW for Packet Inspection Filtering
Message-ID: <OF939DCF20.0D7C96D2-ON8525715D.00628F03-8525715D.00642ED9@zbi.com>
hey all, here's what I'm looking to do. I know it could be done with IPTABLES, but as it's not available for Mac OS X I'm trying to figure out how it would be done in IPFW ...

RELAY is a workstation forwarding packets from a SOURCE workstation to all DESTINATION end points. RELAY is able to receive all packets from SOURCE bound to DESTINATION. I want RELAY to deny forwarding of packets from SOURCE that are name resolution attempts to the DESTINATION DNS server, specifically for host WWW.YAHOO.COM (for example).

To do this I need to create a rule that will look into the Data field of a DNS packet and match the query. The Data field of a DNS query packet would be written in hex. With IPTABLES I would write something like this:

RELAY # iptables -I FORWARD 1 -p udp --dport 53 -m string --algo bm --hex-string "|01 00 00 01 00 00 00 00 00 00 03 77 77 77 05 79 61 68 6f 6f 03 63 6f 6d 00 00 01 00 01|" -j DROP

How would I write this in IPFW? I cannot see how to apply a rule based on the data of a packet. I've reviewed the man page of ipfw, but don't see anything there. What am I missing?

Thanks.
Dan
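As an added illustration (not part of Dan's message, and not code from the ipfw or iptables projects), here is where that hex pattern comes from. A standard recursive A query starts with a 16-bit transaction ID (which varies per query, so the pattern skips it), then flags 0x0100, QDCOUNT=1, three zero counts, and the question section: the hostname as length-prefixed labels ending in a zero byte, followed by QTYPE and QCLASS. The script below derives the byte pattern for any hostname, renders it in the `|..|` notation the string match uses, and applies the same "does the UDP payload contain these bytes" test that the FORWARD rule performs. The sample payload is constructed inline; the functions and names are my own.

```python
import struct


def encode_qname(name: str) -> bytes:
    """Encode a hostname as DNS wire-format labels: <len><label>...<0x00>."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dns_query_pattern(name: str, qtype: int = 1, qclass: int = 1) -> bytes:
    """Bytes that follow the transaction ID in a standard query for `name`:
    flags 0x0100 (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0, then the
    question (QNAME, QTYPE, QCLASS). QTYPE 1 / QCLASS 1 is an A record in IN."""
    header_tail = struct.pack("!HHHHH", 0x0100, 1, 0, 0, 0)
    return header_tail + encode_qname(name) + struct.pack("!HH", qtype, qclass)


def hex_string(pattern: bytes) -> str:
    """Render bytes in the |xx xx ..| form used by the iptables string match."""
    return "|" + " ".join(f"{b:02x}" for b in pattern) + "|"


def matches_query(udp_payload: bytes, pattern: bytes) -> bool:
    """The check the string match performs: substring search over the payload.
    This is byte-exact; it only fires on queries encoded exactly this way."""
    return pattern in udp_payload


if __name__ == "__main__":
    pattern = dns_query_pattern("www.yahoo.com")
    print(hex_string(pattern))
    # Constructed sample: a random-looking transaction ID followed by the query.
    sample_payload = b"\x12\x34" + pattern
    print("drop" if matches_query(sample_payload, pattern) else "forward")
```

Running it prints the same `|01 00 00 01 ... 00 01 00 01|` string as the rule above, which shows that `03 77 77 77` is the label "www" with its length prefix, `05 79 61 68 6f 6f` is "yahoo", and `03 63 6f 6d 00` is "com" plus the terminator. Because the match is on exact bytes, a filter built this way covers only this encoding of this name; a DNS-aware proxy or resolver policy is the usual place to enforce name-based blocking more robustly.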