Jürgen Möllenhoff wrote:
> is it possible to use a comma separated port range and/or IP range in
> firewall rules? I know that it is possible to use a port range (for
> example) like this "100-200" but as far as I know it's not possible to
> use a port range like "100,110,120-140", the same applies for the IP
> range there it's only possible to use a single IP or an IP with a netmask.
> I know it's possible to add for every single port or IP a separate
> firewall rule but wouldn't it helpful to crunch those separate rules (or
> at lest a few of them) together to one rule? I don't know how difficult
> it would be to implement this in m0n0wal?
As far as I know this isn't currently possible (that is, apart from
X-Y port ranges), not with the webGUI at least (it is probably
possibly to do with the right cmd. line, but I wouldn't know?)
There have been a few requests (including one of my own) for some kind
of "port alias" list, much like the current IP/Network aliases, but
for ports. The idea being that you could add named ports and ranges to
such a list, and then have them appear in the "To" and "From" port
dropdowns in apropriate places.
I don't know if this is something that is being considered for
implementation, but if it is, I guess it would be nice if such a
feature allowed for such "complex" port ranges (ie. a comma seperated
list of ports and/or ranges).
If the underlying programs (ie. ipfw and dummynet etc.) actually has
support for such "complex" port ranges, it might even lower the number
of actual (generated) rules for these, which might make things a bit
faster for some configurations? (And if not, at least it won't make
things slower, since the generated rules should ammount to the same
set of rules as what you would currently have to do by hand.)