Date: Wed, 6 Jun 2018 11:00:57 -0700
From: Freddie Cash <fjwcash@gmail.com>
To: Dries Michiels <driesm.michiels@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Matching rules on ip4/ip6 with udp/tcp
Message-ID: <CAOjFWZ6CsxLy%2Bmsz1hpXz7SB=2xsO=N40yHA_MZu8snYb_OkGQ@mail.gmail.com>
In-Reply-To: <001001d3fdbc$d804d270$880e7750$@gmail.com>
References: <001001d3fdbc$d804d270$880e7750$@gmail.com>

On Wed, Jun 6, 2018 at 10:36 AM, Dries Michiels <driesm.michiels@gmail.com> wrote:

> Is there a way to match packets specifying both network generation ip4 or
> ip6 together with the protocol such as tcp or udp?
>
> Currently the following rules are possible (examples):
>
> ipfw add 1 allow udp from any to me 22 in recv em0
>
> ipfw add 1 allow ip4 from any to me 22 in recv em0
>
>
> The following rule is not possible (example):
>
> ipfw add 1 allow ip4 udp from any to me 22 in recv em0
>
>
> Is there a workaround for this or some reason why this hasn't been
> implemented?
>
> Or do I simply not have the rule syntax right.

One of the following pairs should do what you want, although the man page is
a little hard to parse on some of it, so they may not actually work:

ipfw add 1 allow from any to me in recv em0 proto ip4 dst-port 22
ipfw add 1 allow from any to me in recv em0 proto ip6 dst-port 22

ipfw add 1 allow udp from any to me in recv em0 proto ip4 dst-port 22
ipfw add 1 allow udp from any to me in recv em0 proto ip6 dst-port 22

Basically, there's a giant section in the man page about the "options"
section of the rule (what goes after the interface). You can do just about
anything within that section, including a lot of what could be done in the
"protocol" and "source address" and "destination address" sections.

--
Freddie Cash
fjwcash@gmail.com