Re: ipf question

From: Rudolf Polzer (divzero_at_gmail.com)
Date: 01/19/05

  • Next message: Andriy Gapon: "Re: debugging encrypted part of isakmp"
    To: muc-lists-freebsd-security@moderators.muc.de
    Date: 19 Jan 2005 18:36:50 GMT
    
    

    ["Followup-To:" header set to muc.lists.freebsd.security.]
    »Erick Mechler« <emechler@techometer.net> wrote:
    > :: pass in quick on xl0 proto tcp/udp from any to any port 137 <> 139 keep
    > :: state
    >
    > This line allows in all tcp and udp ports less than 137 and greater than
    > 139, which is exactly what you don't want :) If you want to allow all
    > ports 137-139 inclusive, you need to change it to
    >
    > ... port 136 >< 140 keep state
    >
    > The < and > operators are not inclusive.

    I know it has been defined like that. But why?

    Why wasn't an inclusive .. operator used? There must be a reason for this, but
    which one is it?
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Andriy Gapon: "Re: debugging encrypted part of isakmp"