On March 25, 2005, Emrullah Kaya wrote:
>Hi
>
>I tried to run ipscan on FreeBSD 5.3 and IP Filter: v4.1.7 according to
>http://archives.neohapsis.com/archives/nfr-wizards/2000-q2/0244.html
>It gives me a syntax error. Is there a change in the rules?
>
>Regards
>
>Emrullah kaya
>
># cat /etc/ipscan.conf
>smtp : ("HELO ", "**??."), ("220 ", "....") = track else close
># ipscan -f /etc/ipscan.conf
>syntax error error at ":", line 1

The archives revealed no response nor resolution to the previous post.
I too am running into this problem, but on:

beast# ipf -V
ipf: IP Filter: v4.1.28 (416)
Kernel: IP Filter: v4.1.28
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x10e
beast# ipf -Fa -f /etc/ipf.d/ipf-gw.rules
Syntax error error at "ssh", line 149

The offending line is:

149 pass out log first quick proto tcp from any to any port = 22 keep state scan ssh group 200

/etc/ipscan.conf:

#
# Track ssh connections (i.e do nothing)
#
ssh : (), ("SSH-") = track

AA. How does one ascertain that the hooks for the ipscan feature are
enabled/compiled into ipfilter?

Also, the original post by darrenr that enumerated the features for
ipscan mirrors the FAQ, but there is no mention of whether it was only
outbound or if inbound traffic rules could be used, and no restriction
on the format of the 16 bytes used by ipscan (ascii, hex, octal) for
matching.

BB. Can ipscan rules be used for incoming connections? This would be
nice for protocol enforcement.

CC. If one wanted to use non-ascii for the pattern, how would you
designate it?

Thanks,
John Mire
--
"One world, one web, one program" -- Microsoft promotional ad
"Ein Volk, ein Reich, ein Fuehrer" -- Adolf Hitler
John Mire: [EMAIL PROTECTED] Network Administration
LSU Health Sciences Center - Shreveport