On Wed, 13 Nov 2002, Duncan Matthew Stirling wrote:
>
> Is it possible to specify a range of ports that are not equal? I tried
> this below and it didn't work.
>
> tcpservices="{ ftp, \
> telnet, \
> smtp, \
> domain, \
> www, \
> pop3, \
> auth, \
> netbios-ns, \
> netbios-dgm, \
> netbios-ssn, \
> irc, \
> https, \
> photuris, \
> isakmp, \
> 548, \
> rsync, \
> 1433, \
> mysql, \
> 631 }"
>
> updservices="{ domain, \
> bootps, \
> bootpc, \
> ntp, \
> snmp, \
> snmp-trap, \
> 548, \
> 631 }"
>
> block in log quick on $ext inet proto tcp \
> from $trusted port ! $tcpservices to any port $safe
>
> block in log quick on $ext inet proto udp \
> from $trusted port ! $updservices to any
Negation of host and port lists is not possible.
Why don't you just do
pass in quick on $ext inet proto tcp from $trusted port $tcpservices to any port $safe \
keep state
pass in quick on $ext inet proto udp from $trusted port $updservices to any keep state
block in log quick all
Cheers,
Dries
--
Dries Schellekens
email: [EMAIL PROTECTED]
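The pattern Dries describes (pass only the listed source ports, then block everything else) written out as a complete pf.conf fragment. This is an added example, not configuration from either poster; the interface name, the trusted addresses and the $safe range are placeholders chosen here, and the list macro is named udpservices rather than the original's updservices.

```pf
# Added example, not from the original thread. Interface, addresses and
# the $safe range are assumed values; replace them with your own.
ext = "em0"                              # external interface (assumption)
trusted = "{ 192.0.2.10, 192.0.2.11 }"   # trusted sources (documentation addresses)
safe = "{ 1024:65535 }"                  # unprivileged destination ports (assumption)

tcpservices = "{ ftp, telnet, smtp, domain, www, pop3, auth, \
                 netbios-ns, netbios-dgm, netbios-ssn, irc, https, \
                 photuris, isakmp, 548, rsync, 1433, mysql, 631 }"
udpservices = "{ domain, bootps, bootpc, ntp, snmp, snmp-trap, 548, 631 }"

# Positive match: only source ports in the lists are passed. "quick" ends
# rule evaluation on the first match, so the final block never sees them.
pass in quick on $ext inet proto tcp from $trusted port $tcpservices \
     to any port $safe keep state
pass in quick on $ext inet proto udp from $trusted port $udpservices \
     to any keep state

# Default deny: anything that did not match a pass rule is blocked and logged.
block in log quick all
```

A list in braces is expanded by pfctl into one rule per member, which is why "port ! { a, b }" cannot express "not in the set"; the pass-then-block-all ordering above gives that result instead. Check the file parses before loading it with `pfctl -nf /etc/pf.conf` (the -n flag parses without applying the rules), and note that the block rule must come after the pass rules, since with `quick` the first matching rule wins.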