Re: is there a way to say "from or to" some host?
On Wed, Apr 19, 2006 at 10:30:47AM -0400, Roy Morris wrote:

> huh? - I must be misreading/understanding the question
> pass out on $some_if from x to z proto tcp keep state

That's "src equals x AND dst equals y". What Travis is asking for is "src equals x OR dst equals x". It can be done in two rules, like

  pass from x ...
  pass to x ...

and you could make the parser expand a new keyword (like "host x") to such a pair of rules. Doing it in one rule is not as simple, you'd need to add a flag to (in-kernel) rules which toggles between combining the two criteria AND or OR. I don't think that's worth it ;)

Daniel
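The parser expansion described in the reply above, as an added example that is not part of the original thread or of pf itself: a small preprocessor that rewrites a hypothetical `host X` keyword (not real pf.conf syntax) into the from/to rule pair before the ruleset is loaded. The function names and the sample ruleset are constructed for illustration.

```python
# Expands a hypothetical "host X" keyword into the two-rule form
# ("from X to any" / "from any to X"). "host" is NOT real pf.conf syntax.

def expand_rule(line):
    """Return the list of pf rule lines that one input line expands to."""
    code, _, _comment = line.partition("#")   # ignore trailing comments
    tokens = code.split()
    if "host" not in tokens:
        return [line.rstrip("\n")]            # macros, comments, normal rules
    if tokens.count("host") != 1:
        raise ValueError("only one 'host' keyword per rule: " + line.strip())
    i = tokens.index("host")
    if i + 1 >= len(tokens) or tokens[i + 1].startswith("{"):
        raise ValueError("'host' takes one address, macro or table: " + line.strip())
    if {"from", "to", "all"} & set(tokens):
        # Mixing would reintroduce the AND semantics the keyword is meant to avoid.
        raise ValueError("'host' cannot be combined with from/to/all: " + line.strip())
    addr = tokens[i + 1]
    head, tail = tokens[:i], tokens[i + 2:]
    # Two adjacent rules with the same action and options behave as
    # "src == addr OR dst == addr". The trailing comment is dropped.
    return [
        " ".join(head + ["from", addr, "to", "any"] + tail),
        " ".join(head + ["from", "any", "to", addr] + tail),
    ]

def expand_ruleset(text):
    """Expand every line of a ruleset and return the result as one string."""
    out = []
    for line in text.splitlines():
        out.extend(expand_rule(line))
    return "\n".join(out) + "\n"

# Constructed sample input (addresses from the documentation range).
SAMPLE = """\
ext_if = "em0"
block in log on $ext_if host <badhosts>
pass in on $ext_if proto tcp host 192.0.2.10 keep state
pass out on $ext_if from 192.0.2.1 to any
"""

if __name__ == "__main__":
    print(expand_ruleset(SAMPLE), end="")
```

The output can be checked with `pfctl -nf` before loading, which parses a ruleset without applying it.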
RE: is there a way to say "from or to" some host?
> Just curious. tcpdump has the handy "host blah" syntax, where it
> implies src or dst.
>
> Some of my rules could be simplified with a "from or to" sort
> of syntax.
>
> If it doesn't exist, I'll put it on my "to code some day" list.
> --

huh? - I must be misreading/understanding the question

pass out on $some_if from x to z proto tcp keep state
is there a way to say "from or to" some host?
Just curious. tcpdump has the handy "host blah" syntax, where it implies src or dst.

Some of my rules could be simplified with a "from or to" sort of syntax.

If it doesn't exist, I'll put it on my "to code some day" list.

--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484