From owner-freebsd-questions  Tue Apr 14 13:26:15 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA06192
          for freebsd-questions-outgoing; Tue, 14 Apr 1998 13:26:15 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from pigstuy ([207.113.85.111])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA06038
          for <freebsd-questions@freebsd.org>; Tue, 14 Apr 1998 20:25:06 GMT
          (envelope-from spork@cncn.com)
Received: from localhost (spork@localhost)
	by pigstuy (8.8.7/8.8.7) with SMTP id QAA00646;
	Tue, 14 Apr 1998 16:23:27 -0400 (EDT)
	(envelope-from spork@cncn.com)
X-Authentication-Warning: pigstuy: spork owned process doing -bs
Date: Tue, 14 Apr 1998 16:23:23 -0400 (EDT)
From: Spike Gronim <spork@cncn.com>
X-Sender: spork@pigstuy
Reply-To: spork <spork@cncn.com>
To: Dima Dorfman <webmaster@zwb.net>
cc: fbsdqs <freebsd-questions@FreeBSD.ORG>
Subject: Re: IPFW
In-Reply-To: <3.0.5.32.19980414131259.00928650@207.213.224.25>
Message-ID: <Pine.BSF.3.96.980414162215.367C-100000@pigstuy>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 14 Apr 1998, Dima Dorfman wrote:

> You need to specify a rule number, like:
> 
> ipfw add 1000 deny tcp from localhost to panix.com
> 
> At 04:09 PM 4/14/98 -0400, you wrote:
> >Hello.
> >
> >	Just for practice I am configuring a fire wall on my computer. I
> >don't need one, but I want to get the experience under my belt. I have a
> >shell script I wish to execute to set up the rules to my firewall.
> >it reads:

[snip]

> > I have shell access on panix.com and can therefore attempt to test my
> >firewall from their machinces. ipfw ignores the first two commands, so my
> >firewall ends up looking like this:
> >
> >00000 allow ip from any to any
> >65534 deny ip from any to any

My ipfwcommands script now reads:

#!/bin/sh

ipfw add 10000 deny tcp from localhost to panix.com
ipfw add 10010 deny tcp from panix.com to localhost
ipfw add allow ip from any to any

and it still does not add the first two rules.



	-Spike Gronim
	 spork@cncn.com	


		"Hacker, n: One who hacks real good"
			--Computer Contradictionary


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message