Regardless of the interpretation by IP Filter of 1023 >< 65536, I'd say your post shows the better way to do it. There are no ambiguities in the interpretation of:

block in quick on elxl0 proto tcp/udp from any port >= 1024 to any port <= 1024

Cheers,
Etienne

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 12 September 2007 11:43
To: [EMAIL PROTECTED]
Cc: IP Filter Mailing list
Subject: Re: Truncation of port value to lower 16 bits' worth only

>I'm drawing up my rule set right now. One of the rules is a default deny for
>all communications between source and destination ports that are outside the
>well-known port range. To do this, I'm using the rule
>
>block in quick on elxl0 proto tcp/udp from any port 1023 >< 65536 to any
>port 1023 >< 65536

If anything, ipfilter should give an error for using port numbers <= 0 or >= 65536, as those are not valid port numbers and they cannot appear in packets (0 arguably can, but those would not be valid packets).

>block in quick on elxl0 proto tcp/udp from any port 1023 >< 0 to any port
>1023 >< 0

I think what you really want is "pass ... <= 1023" and not block 1024-65535.

Casper
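An added example, not part of the thread and not IP Filter's own code: a small Python model of ipf-style port comparison clauses that evaluates which port numbers a clause matches, once as written and once with the rule's literal bounds truncated to 16 bits (the behaviour the subject line complains about), plus the bounds check Casper suggests ipf should perform. The operator set, the truncation model, and the helper names are assumptions made for illustration, not a reading of ipf's source.

```python
# Added example (not from the thread or from IP Filter itself): a model of
# ipf-style port comparisons used to show why "1023 >< 65536" is fragile if
# the literal bound is truncated to 16 bits (the thread's subject), while
# ">= 1024" and "<= 1023" are not.  Operator semantics and the truncation
# model are assumptions for illustration, not a reading of ipf's source.

PORT_MASK = 0xFFFF          # TCP/UDP port fields are 16 bits wide
VALID_PORTS = range(0, 65536)

ONE_OPERAND = {"=", "!=", "<", ">", "<=", ">="}
TWO_OPERAND = {"><", "<>"}  # between (exclusive) / outside (exclusive)


def parse_port_clause(text):
    """Parse the text after 'port' in a rule: 'N >< M', 'N <> M' or '<op> N'.

    Returns (op, low, high); high is None for one-operand forms.
    """
    parts = text.split()
    if len(parts) == 3 and parts[1] in TWO_OPERAND:
        return parts[1], int(parts[0]), int(parts[2])
    if len(parts) == 2 and parts[0] in ONE_OPERAND:
        return parts[0], int(parts[1]), None
    raise ValueError(f"unrecognised port clause: {text!r}")


def validate_bounds(op, low, high=None):
    """Lint the literal bounds the way Casper suggests ipf should:
    report any value that cannot be a port number (<= 0 or >= 65536)."""
    problems = []
    for value in (low, high):
        if value is not None and not 1 <= value <= 65535:
            problems.append(f"{value} is not a valid port number")
    return problems


def port_matches(op, low, high, port, truncate=False):
    """True if `port` satisfies the clause.  With truncate=True the rule's
    literal bounds are reduced modulo 2**16 first (constructed model of the
    truncation the thread is about: 65536 becomes 0)."""
    if truncate:
        low &= PORT_MASK
        high = None if high is None else high & PORT_MASK
    if op == "=":  return port == low
    if op == "!=": return port != low
    if op == "<":  return port < low
    if op == ">":  return port > low
    if op == "<=": return port <= low
    if op == ">=": return port >= low
    if op == "><": return low < port < high
    if op == "<>": return port < low or port > high
    raise ValueError(f"unknown operator {op!r}")


def matched_ports(clause, truncate=False):
    """The set of port numbers (0..65535) a clause such as '1023 >< 65536' matches."""
    op, low, high = parse_port_clause(clause)
    return {p for p in VALID_PORTS if port_matches(op, low, high, p, truncate)}


def compare_rules():
    """Show the ways of expressing 'not a well-known port' side by side."""
    not_well_known = set(range(1024, 65536))
    report = {}
    for clause in ("1023 >< 65536", ">= 1024"):
        as_written = matched_ports(clause)
        truncated = matched_ports(clause, truncate=True)
        report[clause] = {
            "as_written_ok": as_written == not_well_known,
            "truncated_ok": truncated == not_well_known,
            "truncated_count": len(truncated),   # 0 means the rule matches nothing
            "lint": validate_bounds(*parse_port_clause(clause)),
        }
    # Casper's alternative: pass the well-known range explicitly instead of
    # blocking everything above it.
    report["<= 1023"] = {
        "complement_of_range": matched_ports("<= 1023")
        == set(VALID_PORTS) - not_well_known
    }
    return report


if __name__ == "__main__":
    for clause, result in compare_rules().items():
        print(f"port {clause}: {result}")
```

Running the script prints one line per clause: "1023 >< 65536" covers 1024-65535 as written but matches nothing once 65536 wraps to 0 (and trips the bounds lint), while ">= 1024" gives the same set either way and "<= 1023" is exactly its complement, which is why the ">=" / "<=" forms leave nothing to interpret.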
