From owner-freebsd-current Fri Jun 28 00:03:35 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id AAA13267 for current-outgoing; Fri, 28 Jun 1996 00:03:35 -0700 (PDT)
Received: from zibbi.mikom.csir.co.za (zibbi.mikom.csir.co.za [146.64.24.58])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA13258;
    Fri, 28 Jun 1996 00:03:23 -0700 (PDT)
Received: (from rbezuide@localhost) by zibbi.mikom.csir.co.za (8.7.5/8.7.3)
    id JAA25313; Fri, 28 Jun 1996 09:03:08 +0200 (SAT)
From: R Bezuidenhout
Message-Id: <199606280703.JAA25313@zibbi.mikom.csir.co.za>
Subject: Re: IPFW bugs?
To: phk@FreeBSD.org (Poul-Henning Kamp)
Date: Fri, 28 Jun 1996 09:03:08 +0200 (SAT)
Cc: nate@mt.sri.com, current@FreeBSD.org, alex@FreeBSD.org
In-Reply-To: <4616.835943754@critter.tfs.com> from Poul-Henning Kamp at "Jun 27, 96 11:35:54 pm"
X-Mailer: ELM [version 2.4ME+ PL16 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi there ...

> In message <199606280606.AAA13890@rocky.mt.sri.com>, Nate Williams writes:
> >> > Add "log" to all rules and see which number lets you through.
> >> >
> >> Ahh, I didn't realize you could 'log' accept rules. I'll do that.
> >
> >OK, here's the rule that lets *EVERYTHING* through.
> >
> ># Should be allowing DNS through, which can be either UDP/TCP
> >ipfw add 21 pass log all from any 53 to any via $1
>
> Yes, (I just talk(1)'ed Nate). The current implementation doesn't complain
> about "over-specified" rules. The port number isn't used with "all" as
> protocol.
>
> ipfw and the kernel should both complain about such a rule being set.

Yes .. this is true ... according to my previous mail I tried this but
somehow ... well ... on the wrong interface :) Sorry for that!
I guess I would qualify for some kind of "HAT" or something likewise :)

Reinier

--
########################################################################
#                                                                      #
#  Reinier Bezuidenhout            Company: Mikomtek CSIR, ZA          #
#                                                                      #
#  Network Engineer - NetSec development team                          #
#                                                                      #
#  Current Projects: NetSec - Secure Platform firewall system          #
#                    http://www.mikom.csir.co.za                       #
#                                                                      #
#  E-mail: rbezuide@mikom.csir.co.za                                   #
#                                                                      #
########################################################################
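
The thread notes that nothing complains when a rule gives a port together with the "all" protocol. One way to catch that in a rule script before it is loaded, as an added example that is not part of the original mail or of ipfw itself: a small Python check. The simplified rule grammar, the option-keyword list, treating "ip" like "all", and every sample rule except rule 21 are assumptions made for the illustration.

```python
# Added illustration: flag ipfw rules that give ports with a port-less protocol.
# Assumes the simple form: ipfw add [num] action [log] proto from SRC to DST [opts]
from itertools import takewhile

PORTLESS = {"all", "ip"}   # assumption: both keywords match every IP packet
OPTION_WORDS = {"via", "in", "out", "setup", "established", "frag"}  # subset

# Constructed sample; only rule 21 is taken from the thread.
SAMPLE = """\
# Should be allowing DNS through, which can be either UDP/TCP
ipfw add 21 pass log all from any 53 to any via $1
ipfw add 22 pass log udp from any 53 to any via $1
ipfw add 23 pass log tcp from any 53 to any via $1
ipfw add 30 deny log ip from any to any 6000-6063
ipfw add 65000 deny log all from any to any
"""

def _ports(spec):
    """Tokens after the address in a src/dst spec are its port list."""
    if spec and spec[0] == "not":
        spec = spec[1:]
    return spec[1:]

def check_rule(line):
    """Return (proto, ports) if the rule names ports the protocol cannot match."""
    words = line.split("#", 1)[0].split()      # drop shell comments
    if "add" not in words:
        return None
    body = words[words.index("add") + 1:]
    if "from" not in body or "to" not in body:
        return None
    f, t = body.index("from"), body.index("to")
    if f < 1 or t < f:
        return None
    proto = body[f - 1]
    dst = list(takewhile(lambda w: w not in OPTION_WORDS, body[t + 1:]))
    ports = _ports(body[f + 1:t]) + _ports(dst)
    return (proto, ports) if proto in PORTLESS and ports else None

def lint(script):
    """Return [(line_number, proto, ports)] for every over-specified rule."""
    checked = ((n, check_rule(l)) for n, l in enumerate(script.splitlines(), 1))
    return [(n, *hit) for n, hit in checked if hit]

if __name__ == "__main__":
    for n, proto, ports in lint(SAMPLE):
        print(f"line {n}: proto '{proto}' ignores port(s) {' '.join(ports)}")
```

Rules 22 and 23 show the protocol-specific form that the comment above rule 21 asks for; the check leaves them alone and reports only the rules whose port field cannot take effect.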