210303 – garbage in ipf(5)

Bug 210303 - garbage in ipf(5)

Summary: garbage in ipf(5)

Status:	Closed FIXED

Alias:	None

Product:	Documentation
Classification:	Unclassified
Component:	Manual Pages (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	--- Affects Many People
Assignee:	Cy Schubert

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-06-15 13:03 UTC by leventelist
Modified:	2020-10-30 00:56 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Remove random = in example. (623 bytes, patch) 2020-10-27 04:33 UTC, Cy Schubert	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description leventelist 2016-06-15 13:03:08 UTC

There is a garbage written in ipf(5)

   TCP/UDP Port Matching
       Having specified which protocol is being matched, it is  then  possible
       to indicate which port numbers a packet must have in order to match the
       rule.  Due to port numbers being used differently to addresses,  it  is
       therefore  possible to match on them in different ways. IPFilter allows
       you to use the following logical operations:

       < x    is true if the port number is greater than or  equal  to  x  and
              less than or equal to y is true if the port number in the packet
              is less than x

and the whole port range matching simply not implemented:

       Additionally, there are a number of ways to specify a range of ports:
garbage:
       x <> y is true if the port number is less than a and greater than y

       x >< y is true if the port number is greater than x and less than y

       x:y    is true if the port number is greater than or  equal  to  x  and
              less than or equal to y

Even the example doesn't work:
       pass in proto tcp from 127.0.0.0/8 to any port = 6000:6009

It says:

syntax error error at ":", line 2

Comment 1 Cy Schubert freebsd_committer

2020-10-27 04:31:22 UTC

You mean like this?

pass out proto tcp from any port 600 >< 1023 to X.X.X.252 port = 515 flags S/SAFR keep state keep frags

pass in proto tcp from 127.0.0.0/8 to any port 6000:6009

The example should not contain an =.

Comment 2 Cy Schubert freebsd_committer

2020-10-27 04:33:08 UTC

Created attachment 219136 [details]
Remove random = in example.

That random equal sign is incorrect.

Comment 3 commit-hook freebsd_committer

2020-10-27 04:36:06 UTC

A commit references this bug:

Author: cy
Date: Tue Oct 27 04:35:48 UTC 2020
New revision: 367070
URL: https://svnweb.freebsd.org/changeset/base/367070

Log:
  Remove a random equal sign from the example. It should not be there.
  It's a syntax error.

  PR:		210303
  Reported by:	leventelist at gmail.com
  MFC after:	3 days

Changes:
  head/contrib/ipfilter/man/ipf.5

Comment 4 commit-hook freebsd_committer

2020-10-30 00:35:03 UTC

A commit references this bug:

Author: cy
Date: Fri Oct 30 00:34:41 UTC 2020
New revision: 367155
URL: https://svnweb.freebsd.org/changeset/base/367155

Log:
  MFC r367070:

  Remove a random equal sign from the example. It should not be there.
  It's a syntax error.

  PR:		210303
  Reported by:	leventelist at gmail.com

Changes:
_U  stable/10/
  stable/10/contrib/ipfilter/man/ipf.5
_U  stable/11/
  stable/11/contrib/ipfilter/man/ipf.5
_U  stable/12/
  stable/12/contrib/ipfilter/man/ipf.5