Re: Useful addition to ipfw
In some mail from Borja Marcos, sie said:
>
>
> Hello,
>
> I've found myself in a situation where a simple data inspection
> capability added to ipfw would be very useful.
>
> I'm not thinking about anything especially sophisticated, but what
> about adding an option to check byte values (or flags, similar to
> tcpdump)?
>
> An example rule could be: add deny udp from any to me 12345 udp[4]&234
>
> being the rule true if byte 4 in the UDP packet AND the number 234 is
> not zero.
I believe you could do that today, with IPFilter, if you expressed
the entire packet-matching part of the rule with BPF.
Darren
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)