Actually sk104468 says this is possible with these directives, although I've never used them:
tcp_f2f_conns = { <src, dest, dport> };
udp_f2f_conns = { <src, dest, dport> };
You can use ranges as well, so you can do something like this in table.def:
tcp_f2f_conns = { <10.0.0.0, 10.0.0.255>, <192.168.0.0, 192.168.0.255>, <1, 65535> };
udp_f2f_conns = { <10.0.0.0, 10.0.0.255>, <192.168.0.0, 192.168.0.255>, <1, 65535> };
ICMP always goes F2F so there is no directive for that protocol.
Just tried it in my lab and it seems to work. The first line of output is the port range, the second is the source IP range, and the third is the destination IP range:
[Expert@R81:0]# fw tab -t tcp_f2f_conns
localhost:
-------- tcp_f2f_conns --------
static, id 254
<00000001, 0000ffff>
<0a000000, 0a0000ff>
<c0a80000, c0a800ff>
[Expert@R81:0]# fw tab -t udp_f2f_conns
localhost:
-------- udp_f2f_conns --------
static, id 255
<00000001, 0000ffff>
<0a000000, 0a0000ff>
<c0a80000, c0a800ff>
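As an added example (not part of the original post, and not Check Point tooling): a Python script that decodes the hex ranges printed by `fw tab -t tcp_f2f_conns` and compares them with the table.def directive, to confirm the gateway loaded the ranges you intended. It assumes IPv4 and the row order reported in the post (port, source, destination); the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the `fw tab -t tcp_f2f_conns` output shown in the post.
SAMPLE_FW_TAB = """\
localhost:
-------- tcp_f2f_conns --------
static, id 254
<00000001, 0000ffff>
<0a000000, 0a0000ff>
<c0a80000, c0a800ff>
"""
# The table.def line from the post that should have produced that table.
SAMPLE_TABLE_DEF = ("tcp_f2f_conns = { <10.0.0.0, 10.0.0.255>, "
                    "<192.168.0.0, 192.168.0.255>, <1, 65535> };")
PAIR = re.compile(r"<\s*([^,<>\s]+)\s*,\s*([^,<>\s]+)\s*>")

def parse_fw_tab(text):
    """Decode the hex ranges; row order assumed as in the post: port, src, dst."""
    name = re.search(r"-+\s*(\w+)\s*-+", text).group(1)
    pairs = [(int(lo, 16), int(hi, 16)) for lo, hi in PAIR.findall(text)]
    if len(pairs) != 3:
        raise ValueError(f"expected 3 ranges, found {len(pairs)}")
    port, src, dst = pairs
    return {"table": name, "src": src, "dst": dst, "port": port}

def parse_table_def(line):
    """Parse one directive; order in table.def is src, dest, dport."""
    name = line.split("=", 1)[0].strip()
    pairs = PAIR.findall(line)
    if len(pairs) != 3:
        raise ValueError(f"expected 3 ranges, found {len(pairs)}")
    (s_lo, s_hi), (d_lo, d_hi), (p_lo, p_hi) = pairs
    ip = lambda a: int(ipaddress.IPv4Address(a))
    return {"table": name, "src": (ip(s_lo), ip(s_hi)),
            "dst": (ip(d_lo), ip(d_hi)), "port": (int(p_lo), int(p_hi))}

def describe(entry):
    """Human-readable form of a decoded entry."""
    fmt = lambda r: "-".join(str(ipaddress.IPv4Address(v)) for v in r)
    return (f"{entry['table']}: src {fmt(entry['src'])} dst {fmt(entry['dst'])} "
            f"dport {entry['port'][0]}-{entry['port'][1]}")

if __name__ == "__main__":
    loaded, wanted = parse_fw_tab(SAMPLE_FW_TAB), parse_table_def(SAMPLE_TABLE_DEF)
    print(describe(loaded))
    print("matches table.def" if loaded == wanted else "MISMATCH with table.def")
```

A mismatch after a policy install means the gateway is forcing a different set of connections to F2F than the one written in table.def.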