>I'm drawing up my rule set right now. One of the rules is a default deny for
>all communications between source and destination ports that are outside the
>well-known port range. To do this, I'm using the rule
>
>block in quick on elxl0 proto tcp/udp from any port 1023 >< 65536 to any
>port 1023 >< 65536

If anything, ipfilter should give an error for using port numbers <= 0 or >= 65536,
as those are not valid port numbers and they cannot appear in packets (0 arguably
can, but those would not be valid packets).

>block in quick on elxl0 proto tcp/udp from any port 1023 >< 0 to any port
>1023 >< 0

I think what you really want is "pass ... <= 1023" and not block 1024-65535.

Casper
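An added example of the rule layout Casper is pointing at, written here for illustration and not taken from either post in the thread; it assumes the interface name elxl0 from the original post and reads "well-known port range" as destination ports 0-1023:

```conf
# Added illustration, not the thread's own rules. ipfilter evaluates rules
# top to bottom and, without "quick", the LAST matching rule decides, so a
# plain block at the top acts as the default deny.
block in on elxl0 all

# Accept TCP/UDP aimed at a well-known destination port. "<= 1023" stays
# inside the valid 0-65535 range, unlike a comparison against 65536, which
# ipf should reject as not a port number.
pass in quick on elxl0 proto tcp/udp from any to any port <= 1023

# For comparison only: the "><" range form excludes both endpoints, so this
# would match destination ports 1 to 1023, not 0 to 1023.
# pass in quick on elxl0 proto tcp/udp from any to any port 0 >< 1024
```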
