https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5552733#M732151 <P><A href="http://coombs.anu.edu.au/~avalon/examples.html#ports" target="_blank">http://coombs.anu.edu.au/~avalon/examples.html#ports</A></P><P>&nbsp;</P><P>There does not seem to be a way to specify a port range in inclusive fashion, so as far as I understand, 136&gt;&lt;139 is the only way.</P> Wed, 15 Feb 2012 20:02:32 GMT Matti_Kurkela 2012-02-15T20:02:32Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5543555#M732148 <P>Hello,</P><P>I have a 11.31 HPUX installed on itanium. I'm setting up ipfilters and tried to test some rules</P><P>&nbsp;</P><P><FONT color="#800080"># IPFilter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A.11.31.17.05&nbsp; HP IPFilter 3.5alpha5</FONT><BR /><FONT color="#800080">&nbsp; IPFilter.IPF-HP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A.11.31.17.05&nbsp; HP IPFilter 3.5alpha5</FONT><BR /><FONT color="#800080">&nbsp; IPFilter.PFIL-HP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A.11.31.17.05&nbsp; HP IPFilter PFIL Interface</FONT></P><P>&nbsp;</P><P>I have a rule that allows udp's in out in a range of ports.</P><P>&nbsp;</P><P><FONT color="#800080">grep 192.168. /tmp/ipf_temp.conf</FONT><BR /><BR /><FONT color="#800080">pass in quick proto udp from 192.168.1.0/24 to 192.168.1.0/24 port = 5300 keep state</FONT><BR /><FONT color="#800080">pass out quick proto udp from&nbsp; 192.168.1.0/24 port = 5300 to 192.168.1.0/24 keep state</FONT><BR /><FONT color="#800080">pass in quick proto udp from 192.168.1.0/24 to 192.168.1.0/24 port 137 &gt;&lt; 138 keep state</FONT><BR /><FONT color="#800080">#pass in quick proto udp from 192.168.1.0/24 to 192.168.1.0/24 port = 138 keep state</FONT><BR /><FONT color="#800080">pass out quick proto udp from&nbsp; 192.168.1.0/24 port 137 &gt;&lt; 138 to 192.168.1.0/24 keep state</FONT></P><P>&nbsp;</P><P>ipftest shows this rule as blocked</P><P>&nbsp;</P><P><FONT color="#800080">ipftest -r /tmp/ipf_temp.conf</FONT><BR /><FONT color="#800080">opening rule file "/tmp/ipf_temp.conf"</FONT><BR /><FONT color="#800080">in udp 192.168.1.1,138 192.168.1.255,138</FONT><BR /><FONT color="#800080">input: in udp 192.168.1.1,138 192.168.1.255,138</FONT><BR /><FONT color="#800080">block ip 28(20) 17 192.168.1.1,138 &gt; 192.168.1.255,138</FONT><BR /><FONT color="#800080">--------------</FONT><BR /><FONT color="#800080">in udp 192.168.1.1,138 192.168.1.25,137</FONT><BR /><FONT color="#800080">input: in udp 192.168.1.1,138 192.168.1.25,137</FONT><BR /><FONT color="#800080">block ip 28(20) 17 192.168.1.1,138 &gt; 192.168.1.25,137</FONT></P><P>&nbsp;</P><P>If i remove the <FONT color="#339966">&gt;&lt;</FONT> and replace it by <FONT color="#339966">port = 137</FONT> or <FONT color="#339966">port = 138</FONT> it allows it to pass</P><P>&nbsp;</P><P>Is there anything wrong with my test input or the ipf.conf rules</P><P>&nbsp;</P><P>Thanks</P><P>Andreas</P> Wed, 08 Feb 2012 12:20:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5543555#M732148 Andreas Tsamis 2012-02-08T12:20:10Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5545111#M732149 <P><FONT color="#800080">pass in quick proto udp from 192.168.1.0/24 to 192.168.1.0/24 port 137 &gt;&lt; 138 keep state</FONT></P><P>&nbsp;</P><P><FONT color="#800080"><FONT color="#000000">This would allow the UDP traffic if the port number is <EM>greater than</EM> 137 but <EM>less than</EM> 138. Since the port numbers must be integers (i.e. port 137.5 cannot exist), there are no ports that could sastisfy this condition.</FONT><BR /></FONT></P> Thu, 09 Feb 2012 16:17:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5545111#M732149 Matti_Kurkela 2012-02-09T16:17:59Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5551873#M732150 <P>Thanks.</P><P>Logical :) i thought that the values 137 and 138 were included. So if i want to include the two values whats the syntax? Except the now obvious 136&gt;&lt;139 ?</P> Wed, 15 Feb 2012 09:01:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5551873#M732150 Andreas Tsamis 2012-02-15T09:01:54Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5552733#M732151 <P><A href="http://coombs.anu.edu.au/~avalon/examples.html#ports" target="_blank">http://coombs.anu.edu.au/~avalon/examples.html#ports</A></P><P>&nbsp;</P><P>There does not seem to be a way to specify a port range in inclusive fashion, so as far as I understand, 136&gt;&lt;139 is the only way.</P> Wed, 15 Feb 2012 20:02:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5552733#M732151 Matti_Kurkela 2012-02-15T20:02:32Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5558135#M732152 <P>Thanks for your help :)</P> Tue, 21 Feb 2012 05:56:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-and-ipftest-problem/m-p/5558135#M732152 Andreas Tsamis 2012-02-21T05:56:12Z