Well:

    block in quick on elxl0 proto tcp/udp from any port 1023 >< 65535 to any port 1023 >< 65535

is interpreted properly since 65535 fits within the word data type. Nonetheless, as far as I know, it really should be 1023 >< 65536 because the >< is a “greater than and less than” operator.

Cheers,
Etienne

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shukla, Himanshu (STSD)
Sent: 12 September 2007 11:55
To: [EMAIL PROTECTED]; IP Filter Mailing list
Subject: RE: Truncation of port value to lower 16 bits' worth only

Hi Etienne,

Did you try the following rule:

    block in quick on elxl0 proto tcp/udp from any port 1023 >< 65535 to any port 1023 >< 65535

I think the port range should be 1023 >< 65535, not 1023 >< 65536.

Thanks & Regards,
Himanshu
SNSL-i, Internet Security and Enterprise Computing.
[EMAIL PROTECTED]
Direct : +91 80 251-65759
Mobile : 9886492764
====================================================
We can do anything we want to if we stick to it long enough. - Helen Keller
====================================================

_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Etienne V. Depasquale
Sent: Wednesday, September 12, 2007 3:01 PM
To: IP Filter Mailing list
Subject: Truncation of port value to lower 16 bits' worth only

Good day,

I’m drawing up my rule set right now. One of the rules is a default deny for all communications between source and destination ports that are outside the well-known port range. To do this, I’m using the rule

    block in quick on elxl0 proto tcp/udp from any port 1023 >< 65536 to any port 1023 >< 65536

When checking it out using ipfstat -I, I get:

    block in quick on elxl0 proto tcp/udp from any port 1023 >< 0 to any port 1023 >< 0

I can understand that IP filter considers the port as a word data type but what about the interpretation in practice?

Cheers,
Etienne
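Added example (not part of the original thread and not IP Filter's own source): a small C model of the behaviour discussed above, showing which ports each version of the rule would cover. It assumes the port bound is stored in a 16-bit word and that "><" excludes both bounds, as described in the thread; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: a parsed port bound is stored in a 16-bit word, so only the
 * lower 16 bits survive (65536 becomes 0, as ipfstat showed in the thread). */
static uint16_t store_port(long parsed) { return (uint16_t)parsed; }

/* Assumption: "lo >< hi" means greater than lo AND less than hi (exclusive). */
static int in_range(uint16_t port, uint16_t lo, uint16_t hi)
{
    return port > lo && port < hi;
}

/* Count how many of the 65536 possible ports a "lo >< hi" rule would match
 * once both bounds have been stored in 16 bits. */
static long count_matches(long lo, long hi)
{
    uint16_t l = store_port(lo), h = store_port(hi);
    long n = 0;
    for (long p = 0; p <= 65535; p++)
        n += in_range((uint16_t)p, l, h);
    return n;
}

/* Hypothetical pre-load check for a rule set: refuse any bound that a
 * 16-bit field cannot hold instead of letting it wrap silently. */
static int port_ok(long parsed) { return parsed >= 0 && parsed <= 65535; }

int main(void)
{
    /* The rule as written: upper bound wraps to 0, so nothing is matched
     * and the intended default deny never fires. */
    printf("1023 >< 65536 stored as 1023 >< %u, matches %ld ports\n",
           (unsigned)store_port(65536), count_matches(1023, 65536));

    /* The suggested rule: matches 1024..65534, leaving port 65535 uncovered
     * because the upper bound is exclusive. */
    printf("1023 >< 65535 matches %ld ports, covers 65535: %s\n",
           count_matches(1023, 65535),
           in_range(65535, 1023, 65535) ? "yes" : "no");

    printf("65536 accepted by pre-load check: %s\n",
           port_ok(65536) ? "yes" : "no");
    return 0;
}
```

Under these assumptions, checking the loaded rule with ipfstat, as the original poster did, is what reveals the wrapped bound; the rule text in the configuration file alone does not.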
