Jürgen Möllenhoff wrote:
> Hi,
>
> is it possible to use a comma separated port range and/or IP range in
> firewall rules? I know that it is possible to use a port range (for
> example) like this "100-200" but as far as I know it's not possible to
> use a port range like "100,110,120-140". The same applies for the IP
> range; there it's only possible to use a single IP or an IP with a netmask.
> I know it's possible to add for every single port or IP a separate
> firewall rule but wouldn't it be helpful to crunch those separate rules (or
> at least a few of them) together to one rule? I don't know how difficult
> it would be to implement this in m0n0wall?
>
> Bye,
>
> Jürgen
>
As far as I know this isn't currently possible (that is, apart from
X-Y port ranges), not with the webGUI at least (it is probably
possible to do with the right cmd. line, but I wouldn't know?)
There have been a few requests (including one of my own) for some kind
of "port alias" list, much like the current IP/Network aliases, but
for ports. The idea being that you could add named ports and ranges to
such a list, and then have them appear in the "To" and "From" port
dropdowns in appropriate places.
I don't know if this is something that is being considered for
implementation, but if it is, I guess it would be nice if such a
feature allowed for such "complex" port ranges (ie. a comma separated
list of ports and/or ranges).
If the underlying programs (ie. ipfw and dummynet etc.) actually have
support for such "complex" port ranges, it might even lower the number
of actual (generated) rules for these, which might make things a bit
faster for some configurations? (And if not, at least it won't make
things slower, since the generated rules should amount to the same
set of rules as what you would currently have to do by hand.)
Adam.
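
The "complex" port spec discussed in this thread, as an added example that is not part of the original messages or of m0n0wall's code: it validates a comma separated list such as "100,110,120-140" and reduces it to the smallest set of single ports and X-Y ranges, i.e. one entry per rule you would otherwise add by hand. The function names and the 1-65535 bound are assumptions made for this sketch.

```python
import re

MAX_PORT = 65535  # assumption: valid rule ports are 1..65535
_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")  # "N" or "N-M", ASCII digits only


def parse_port_spec(spec):
    """Parse e.g. '100,110,120-140' into sorted, merged (low, high) tuples.

    Raises ValueError on empty items, non-numeric input, reversed ranges
    and out-of-range ports, so a bad spec never turns into a wider rule.
    """
    ranges = []
    for raw in spec.split(","):
        item = raw.strip()
        match = _ITEM.fullmatch(item)
        if match is None:
            raise ValueError("invalid item %r in port spec %r" % (item, spec))
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if not (1 <= low <= high <= MAX_PORT):
            raise ValueError("port range %r out of bounds or reversed" % item)
        ranges.append((low, high))

    # Merge overlapping or directly adjacent ranges so the number of
    # generated rules is as small as possible.
    ranges.sort()
    merged = [ranges[0]]
    for low, high in ranges[1:]:
        last_low, last_high = merged[-1]
        if low <= last_high + 1:
            merged[-1] = (last_low, max(last_high, high))
        else:
            merged.append((low, high))
    return merged


def to_rule_ports(spec):
    """Return one 'N' or 'N-M' string per rule that would be generated."""
    return [str(lo) if lo == hi else "%d-%d" % (lo, hi)
            for lo, hi in parse_port_spec(spec)]


if __name__ == "__main__":
    # Constructed sample input taken from the example in the thread.
    for ports in to_rule_ports("100,110,120-140"):
        print(ports)
```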