Tried out the variations you mentioned and they work just great.
Thank you! Dries From: Freddie Cash <[email protected]> Sent: woensdag 6 juni 2018 20:01 To: Dries Michiels <[email protected]> Cc: [email protected] Subject: Re: Matching rules on ip4/ip6 with udp/tcp On Wed, Jun 6, 2018 at 10:36 AM, Dries Michiels <[email protected] <mailto:[email protected]> > wrote: Is there are way to match packets specifying both network generation ip4 or ip6 together with the protocol such as tcp or udp? Currently the following rules are possible (examples): ipfw add 1 allow udp from any to me 22 in recv em0 ipfw add 1 allow ip4 from any to me 22 in recv em0 The following rule is not possible (example): ipfw add 1 allow ip4 udp from any to me 22 in recv em0 Is there a workaround for this or some reason why this hasn't been implemented? Or do I simply not have the rule syntax right. One of the following pairs should do what you want, although the man page is a little hard to parse on some of it, so they may not actually work: ipfw add 1 allow from any to me in recv em0 proto ip4 dst-port 22 ipfw add 1 allow from any to me in recv em0 proto ip6 dst-port 22 ipfw add 1 allow udp from any to me in recv em0 proto ip4 dst-port 22 ipfw add 1 allow udp from any to me in recv em0 proto ip6 dst-port 22 Basically, there's a giant section in the man page about the "options" section of the rule (what goes after the interface). You can do just about anything within that section, including a lot of what could be done in the "protocol" and "source address" and "destination address" sections. -- Freddie Cash [email protected] <mailto:[email protected]> _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
