From: Bob Hall <rjhjr@cox.net>
To: Jack Barnett
Cc: Freebsd questions <freebsd-questions@freebsd.org>
Date: Fri, 2 Nov 2007 14:12:08 -0500
Subject: Re: IPFW Rules and Games
Message-ID: <20071102191207.GA79177@kongemord.krig.net>
In-Reply-To: <472AF4FF.9000803@gmail.com>

On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
> I added this for a temporary fix:
> ${fwcmd} add pass all from any to any
>
> I don't think that is the right answer; That allows too much in?

Yes.
> I've tried these per the docs:
>
> ${fwcmd} add allow all from any to any out via ${iip} setup
> ${fwcmd} add allow all from any to any out via ${iip} established
> ${fwcmd} add allow all from any to any in via ${iip} established
>
> and also a bunch of others; but none of them worked.

Try oip instead of iip. iip is your internal IP address, so anything going out from iip is going to your LAN, and anything coming in to iip is coming from your LAN. You want to control packets communicating with the outside world, so you want to control them at oip.
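The distinction drawn above (trust the LAN side, filter at the outside address) as a small stateful ipfw rule set. This is an added example, not code from the thread or from FreeBSD's rc.firewall; the addresses 203.0.113.5 (oip), 192.168.1.1 (iip), the LAN network 192.168.1.0/24 and UDP port 27015 for the game are assumptions, and the script only prints the rules unless FWCMD is set to a real ipfw command, so it can be read and run on a box without ipfw.

```sh
#!/bin/sh
# Added example (not from the original thread): filter at the outside
# address (oip) and leave the LAN side (iip) open, using ipfw's
# keep-state/check-state instead of per-direction setup/established rules.
#
# Assumed values for illustration only:
oip="203.0.113.5"        # outside (Internet-facing) address
iip="192.168.1.1"        # inside (LAN-facing) address
inet="192.168.1.0/24"    # the LAN behind iip
game_port="27015"        # UDP port of a game hosted on this firewall box

# Dry-run by default: FWCMD="ipfw -q" loads the rules for real.
fwcmd="${FWCMD:-echo ipfw -q}"

build_rules() {
    ${fwcmd} -f flush

    # Match replies to connections that an earlier keep-state rule recorded.
    ${fwcmd} add 100 check-state

    # Loopback and the LAN interface are trusted: no filtering at iip.
    ${fwcmd} add 200 allow ip from any to any via lo0
    ${fwcmd} add 300 allow ip from any to any via ${iip}

    # Anti-spoofing: a packet from the Internet must not claim a LAN source.
    ${fwcmd} add 400 deny ip from ${inet} to any in via ${oip}

    # Outbound from the firewall or the LAN: record state so the replies
    # (TCP, UDP and ICMP alike) are accepted by rule 100 on the way back.
    ${fwcmd} add 500 allow ip from any to any out via ${oip} keep-state

    # Inbound: only the published game port on this host, also stateful,
    # so the server's replies to each client are covered.
    ${fwcmd} add 600 allow udp from any to me ${game_port} in via ${oip} keep-state

    # Everything else that reaches the outside address is dropped and logged.
    ${fwcmd} add 65000 deny log ip from any to any
}

build_rules
```

Because every rule that mentions the outside world says `via ${oip}`, a LAN host's outbound game traffic is allowed by rule 300 on the inside leg and by rule 500 on the outside leg, and the server's replies come back through rule 100. Logging on the final deny only produces output when `net.inet.ip.fw.verbose` is set to 1.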