Date:      Thu, 3 Jan 2002 14:41:41 -0800
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Chris Appleton <appleton_chris@yahoo.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw.rules
Message-ID:  <20020103144141.E236@gohan.cjclark.org>
In-Reply-To: <20020103153847.12460.qmail@web14808.mail.yahoo.com>; from appleton_chris@yahoo.com on Thu, Jan 03, 2002 at 07:38:47AM -0800
References:  <20020103153847.12460.qmail@web14808.mail.yahoo.com>

On Thu, Jan 03, 2002 at 07:38:47AM -0800, Chris Appleton wrote:
> I'm struggling getting a simple ruleset working in a 4.4-RELEASE bridge.
> 
> If I run just
>  allow ip from any to any  #things run well (of course).
> 
> But if I build:
>  allow tcp from any to any established
>  allow ip from a.b.c.d to any
>  deny ip from any to any  #http requests slow dramatically
> 
> Am I missing something, like some 0.0.0.0 udp trick to allow arp
> packets (I've glanced but can't find the article anymore)?  Is that
> something I need to do?

ARP is not UDP. ARPs will go through your bridge just fine.

> What it looks like is something between allowing any TCP and allowing
> any IP that I'm not doing.

But your problem probably is UDP related. Your delays may be due to
the fact you are blocking DNS queries.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
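Added example, not code from the thread and not ipfw itself: a small first-match model of the three rules as posted, beside the same ruleset with one extra line that passes UDP answers from port 53 back to the protected host. It models only the keywords the posted rules use (allow/deny, ip/tcp/udp, any, one host address, ports, established), keeps the post's placeholder a.b.c.d for the inside host, and uses constructed RFC 5737 addresses for the resolver and web server. Running it shows why the posted rules make browsing crawl: the outbound DNS query leaves through "allow ip from a.b.c.d to any", but the UDP reply is neither TCP-established nor from a.b.c.d, so it hits the final deny and the resolver library has to time out and retry before the HTTP connection (whose SYN-ACK carries the ACK bit and so passes "established") can even start.

```python
from dataclasses import dataclass
from typing import Optional

INSIDE = "a.b.c.d"          # the host address used in the posted rules
RESOLVER = "198.51.100.53"  # constructed DNS resolver address
WEBSERVER = "203.0.113.80"  # constructed web server address


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False   # TCP ACK (or RST) bit set; all that 'established' tests


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "ip" matches every protocol
    src: str                      # "any" or one address
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src != "any" and self.src != p.src:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # 'established' is a flag check, not connection tracking: any TCP
        # segment with ACK or RST set matches, no matter who sent it.
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True

    def text(self) -> str:
        """Render the rule the way an ipfw rules file would spell it."""
        s = f"add {self.action} {self.proto} from {self.src}"
        s += f" {self.sport}" if self.sport is not None else ""
        s += f" to {self.dst}"
        s += f" {self.dport}" if self.dport is not None else ""
        return s + (" established" if self.established else "")


def evaluate(rules, p: Packet):
    """First match wins, as in ipfw. Returns (action, index of matching rule)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", None  # nothing matched: ipfw's default rule 65535 denies


# The three rules exactly as posted.
POSTED = [
    Rule("allow", "tcp", "any", "any", established=True),
    Rule("allow", "ip", INSIDE, "any"),
    Rule("deny", "ip", "any", "any"),
]

# Same rules plus a pass for DNS answers returning to the inside host.
FIXED = [POSTED[0], POSTED[1], Rule("allow", "udp", "any", INSIDE, sport=53), POSTED[2]]

# Constructed packets: one HTTP fetch that begins with a name lookup, plus
# two unsolicited inbound segments to show what 'established' really does.
FLOW = {
    "dns_query": Packet("udp", INSIDE, RESOLVER, sport=40123, dport=53),
    "dns_reply": Packet("udp", RESOLVER, INSIDE, sport=53, dport=40123),
    "http_syn": Packet("tcp", INSIDE, WEBSERVER, sport=40124, dport=80),
    "http_synack": Packet("tcp", WEBSERVER, INSIDE, sport=80, dport=40124, ack=True),
    "inbound_syn": Packet("tcp", WEBSERVER, INSIDE, sport=4444, dport=22),
    "inbound_ack_only": Packet("tcp", WEBSERVER, INSIDE, sport=4444, dport=22, ack=True),
}


def trace(rules, packets):
    """Map each packet name to the action the ruleset takes on it."""
    return {name: evaluate(rules, p)[0] for name, p in packets.items()}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("fixed", FIXED)):
        print(f"--- {label} ruleset ---")
        for r in rules:
            print("  " + r.text())
        for name, action in trace(rules, FLOW).items():
            print(f"  {name:18s} -> {action}")
```

Two caveats a practitioner would want alongside the fix. The added line is a source-port rule, so anything sent from port 53 reaches a.b.c.d; it is the stateless trade-off that ipfw rulesets of this shape make, and the model's "inbound_ack_only" packet shows the same trade-off in the posted "established" rule, which passes any inbound TCP segment with the ACK bit set rather than only segments belonging to a connection the inside host opened. Tightening either would mean stateful rules (check-state/keep-state) or narrowing the DNS rule to the resolver's address.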
