Date: Fri, 28 Apr 2006 17:52:00 +0300
From: vladone <vladone@spaingsm.com>
To: ipfw@freebsd.org
Subject: Re: IPTABLES to IPFW for Packet Inspection Filtering
Message-ID: <1753864896.20060428175200@spaingsm.com>
In-Reply-To: <OF939DCF20.0D7C96D2-ON8525715D.00628F03-8525715D.00642ED9@zbi.com>
References: <OF939DCF20.0D7C96D2-ON8525715D.00628F03-8525715D.00642ED9@zbi.com>
Hello Daniel,

Thursday, April 27, 2006, 9:13:02 PM, you wrote:

> hey all,
> here's what I'm looking to do. I know it could be done with IPTABLES, but
> as it's not available for the Mac OS X I'm trying to figure out how it
> would be done in IPFW ...
> RELAY is a workstation forwarding packets from a SOURCE workstation to all
> DESTINATION end points. RELAY is able to receive all packets from SOURCE
> bound to DESTINATION. I want RELAY to deny packets forwarding from SOURCE
> that are name resolution attempts to DESTINATION DNS server specifically
> for host WWW.YAHOO.COM (for example). To do this I need to create a rule
> that will look into the Data field of a DNS packet and match the query.
> The Data field of a DNS query packet would be written in hex.
> With IPTABLES I would write something like this:
> RELAY # iptables -I FORWARD 1 -p udp --dport 53 -m string --hex-string

U have in man ipfw explanation for this.

    src and dst: {addr | { addr or ... }} [[not] ports]
        An address (or a list, see below) optionally followed by ports
        specifiers. The second format (or-block with multiple addresses)
        is provided for convenience only and its use is discouraged.

    addr: [not] {any | me | addr-list | addr-set}
        any     matches any IP address.
        me      matches any IP address configured on an interface in the
                system. The address list is evaluated at the time the
                packet is analysed.

    addr-list: ip-addr[,addr-list]

    ip-addr: A host or subnet address specified in one of the following ways:
        numeric-ip | hostname
                Matches a single IPv4 address, specified as dotted-quad or
                a hostname. Hostnames are resolved at the time the rule is
                added to the firewall list.

So if u want to deny packets from some hostname u have a rule like:

    ipfw add 100 deny ip from me to www.yahoo.com

-- 
Best regards,
vladone
mailto:vladone@spaingsm.com
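The iptables rule Daniel was assembling matches the query name inside the UDP payload of the DNS packet, while the ipfw rule above matches the address that hostname resolves to when the rule is added; the DNS query itself still travels to the DNS server's address, so the two are different tests. As an added example (not from anyone in this thread), the Python below parses the question section of a DNS query from a constructed sample packet and produces the wire-format hex pattern a payload match would look for.

```python
import struct

# Constructed sample: a DNS query (ID 0x1234, standard query, RD set)
# for www.yahoo.com, type A, class IN -- the UDP payload a forwarding
# host would see on destination port 53.
SAMPLE_QUERY = bytes.fromhex(
    "1234" "0100" "0001" "0000" "0000" "0000"   # header, QDCOUNT=1
    "03777777" "057961686f6f" "03636f6d" "00"  # 3www 5yahoo 3com 0
    "0001" "0001"                              # QTYPE=A, QCLASS=IN
)


def qname_hexstring(name: str) -> str:
    """Wire-format (length-prefixed labels) encoding of a query name as hex,
    i.e. the byte pattern a payload-matching rule would search for."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.lower().encode("ascii")
    return (out + b"\x00").hex()


def parse_query_names(payload: bytes) -> list[str]:
    """Return the QNAMEs in the question section of a DNS query message."""
    if len(payload) < 12:
        raise ValueError("too short for a DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:  # QR bit set: this is a response, not a query
        return []
    names, off = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            if off >= len(payload):
                raise ValueError("truncated question section")
            ln = payload[off]
            off += 1
            if ln == 0:  # root label terminates the name
                break
            if ln & 0xC0:  # compression pointer; not expected in a question
                raise ValueError("compressed label in question")
            labels.append(payload[off:off + ln].decode("ascii", "replace"))
            off += ln
        names.append(".".join(labels).lower())  # DNS names are case-insensitive
        off += 4  # skip QTYPE and QCLASS
    return names


def queries_name(payload: bytes, name: str) -> bool:
    """True if payload is a DNS query whose question asks for `name`."""
    return name.rstrip(".").lower() in parse_query_names(payload)
```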