Tried out the variations you mentioned and they work just great.

Thank you!

Dries

From: Freddie Cash <fjwc...@gmail.com>
Sent: Wednesday, 6 June 2018 20:01
To: Dries Michiels <driesm.michi...@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Matching rules on ip4/ip6 with udp/tcp

On Wed, Jun 6, 2018 at 10:36 AM, Dries Michiels <driesm.michi...@gmail.com> wrote:

Is there a way to match packets specifying both network generation ip4 or
ip6 together with the protocol such as tcp or udp?

Currently the following rules are possible (examples):

ipfw add 1 allow udp from any to me 22 in recv em0

ipfw add 1 allow ip4 from any to me 22 in recv em0


The following rule is not possible (example):

ipfw add 1 allow ip4 udp from any to me 22 in recv em0


Is there a workaround for this or some reason why this hasn't been
implemented? 

Or do I simply not have the rule syntax right?

One of the following pairs should do what you want, although the man page is a
little hard to parse on some of it, so they may not actually work:

ipfw add 1 allow from any to me in recv em0 proto ip4 dst-port 22

ipfw add 1 allow from any to me in recv em0 proto ip6 dst-port 22

ipfw add 1 allow udp from any to me in recv em0 proto ip4 dst-port 22

ipfw add 1 allow udp from any to me in recv em0 proto ip6 dst-port 22


Basically, there's a giant section in the man page about the "options" section 
of the rule (what goes after the interface).  You can do just about anything 
within that section, including a lot of what could be done in the "protocol" 
and "source address" and "destination address" sections.

-- 
Freddie Cash
fjwc...@gmail.com

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
