Re: ipf question

From: Rudolf Polzer (divzero_at_gmail.com)
Date: 01/19/05

  • Next message: Andriy Gapon: "Re: debugging encrypted part of isakmp"
    To: muc-lists-freebsd-security@moderators.muc.de
    Date: 19 Jan 2005 18:36:50 GMT
    
    

    ["Followup-To:" header set to muc.lists.freebsd.security.]
    »Erick Mechler« <emechler@techometer.net> wrote:
    > :: pass in quick on xl0 proto tcp/udp from any to any port 137 <> 139 keep
    > :: state
    >
    > This line allows in all tcp and udp ports less than 137 and greater than
    > 139, which is exactly what you don't want :) If you want to allow all
    > ports 137-139 inclusive, you need to change it to
    >
    > ... port 136 >< 140 keep state
    >
    > The < and > operators are not inclusive.

    I know it has been defined like that. But why?

    Why wasn't an inclusive .. operator used? There must be a reason for this, but
    which one is it?
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Andriy Gapon: "Re: debugging encrypted part of isakmp"

    Relevant Pages

    • Re: system-config-printer cant find my remote printer ??
      ... Both TCP and UDP ports 631 are open, on both machines. ... Clemson University Math Sciences ...
      (Fedora)
    • UDP Port Forwarding
      ... Diese Software benötigt, ... UDP Ports 5198 und 5199 direkt durch den Proxy an meinen ... Client weitergeleitet werden und eine TCP Verbindung ... Das mit dem TCP Port 5200 hatte ich recht schnell raus. ...
      (microsoft.public.de.german.isaserver)
    • Re: list port are listen
      ... port numbers for all programs listening on TCP or UDP ports, ... with the program/PID for each entry. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)
    • Re: ssh-tunnel with gnomemeeting?
      ... > What ports does GnomeMeeting use for H.323? ... > 1720 TCP for the H.225 channel. ... > UDP ports between 5000 and 5003 for audio and video. ...
      (comp.security.ssh)
    • Re: Spyware eConnect for Computer Fraud passed the Firewall
      ... Duane Arnold wrote: ... > 1) BID's firewall can accept or reject traffic by specified IPon TCP ... > or UDP ports. ...
      (comp.security.misc)