Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Apr 2006 17:52:00 +0300
From:      vladone <vladone@spaingsm.com>
To:        ipfw@freebsd.org
Subject:   Re: IPTABLES to IPFW for Packet Inspection Filtering
Message-ID:  <1753864896.20060428175200@spaingsm.com>
In-Reply-To: <OF939DCF20.0D7C96D2-ON8525715D.00628F03-8525715D.00642ED9@zbi.com>
References:  <OF939DCF20.0D7C96D2-ON8525715D.00628F03-8525715D.00642ED9@zbi.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello Daniel,

Thursday, April 27, 2006, 9:13:02 PM, you wrote:

> hey all,

> here's what I'm looking to do.  I know it could be done with IPTABLES, but
> as it's not available for the Mac OS X I'm trying to figure out how it
> would be done in IPFW ...

> RELAY is a workstation forwarding packets from a SOURCE workstation to all
> DESTINATION end points.  RELAY is able to receive all packets from SOURCE
> bound to DESTINATION.  I want RELAY to deny packets forwarding from SOURCE
> that are name resolution attempts to DESTINATION DNS server specifically
> for host WWW.YAHOO.COM (for example).  To do this I need to create a rule
> that will look into the Data field of an DNS packet and match the query.
> The Data field of a DNS query packet would be written in hex. 

> With IPTABLES I would write something like this:

> RELAY #  iptables -I FORWARD 1 -p udp --dport 53 -m string --hex-string
U have in man ipfw explanation for this.

src and dst: {addr | { addr or ... }} [[not] ports]
             An address (or a list, see below) optionally followed by ports
             specifiers.

             The second format ( or-block with multiple addresses) is provided
             for convenience only and its use is discouraged.

     addr: [not] {any | me | addr-list | addr-set}

     any     matches any IP address.

     me      matches any IP address configured on an interface in the system.
             The address list is evaluated at the time the packet is analysed.

     addr-list: ip-addr[,addr-list]

     ip-addr:
             A host or subnet address specified in one of the following ways:

             numeric-ip | hostname
                     Matches a single IPv4 address, specified as dotted-quad
                     or a hostname.  Hostnames are resolved at the time the
                     rule is added to the firewall list.

So if u want to deny packets from some hostname u have an rule like:
ipfw add 100 deny ip from me to www.hahoo.com


-- 
Best regards,
 vladone                            mailto:vladone@spaingsm.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1753864896.20060428175200>