Date: Wed, 6 Feb 2008 05:50:02 GMT
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/120290: ipfw jump rules
Message-ID: <200802060550.m165o2VZ025477@freefall.freebsd.org>

The following reply was made to PR kern/120290; it has been noted by GNATS.

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Nistor Marius <mariusmayl@yahoo.com>
Subject: Re: kern/120290: ipfw jump rules
Date: Wed, 06 Feb 2008 08:45:14 +0300

Nistor Marius wrote:
> no i open ports ... just in case if the user need that ports open to
> don't open a support ticket for that
> the problem is ... i use this way from last few years ago on FreeBSD 4.X
> and 5.X and was working fine
> on freebsd 6.X no
> i think the ipfwadmin miss the number of rules and jump the rules

Hi, Marius.

I'm sorry. My English isn't very good.
Did you understand correctly what these rules do?
I'll try to describe them in a bit more detail:

10164 allow ip from 193.64.7.151 to any uid net

This rule matches all TCP or UDP packets from 193.64.7.151 to any,
which will be sent or received by processes which work as user "net"
on your machine. E.g. you can run a web-server as user "net" and some
packets will be matched by this rule (if they are from
193.64.7.151 to any).

10165 allow ip from any to 193.64.7.151

This rule matches all IP packets from any addresses to 193.64.7.151.

10166 allow tcp from 193.64.7.151 10000-65535,21,22,25,80,110,113,443 to any

This rule will match packets with source address 193.64.7.151 and
source ports 10000-65535,21,22,25,80,110,113,443 destined to any addresses
and ports. It will not match packets if they were already matched by rule 10164,
because the "allow" action terminates the search.

10167 deny ip from 193.64.7.151 to any

This rule will deny packets that didn't match rules 10164 and 10166.

Did you want the same?

--
WBR, Andrey V. Elsukov
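
The first-match evaluation described in the message above, as an added example that is not part of the original e-mail and is not ipfw's own code. It is a simplified model: the Packet fields, the evaluate() helper and the sample addresses are hypothetical, and the "uid net" check is reduced to a socket-owner field on TCP/UDP packets.

```python
from dataclasses import dataclass
from typing import Optional

HOST = "193.64.7.151"
PORTS_10166 = {21, 22, 25, 80, 110, 113, 443}

@dataclass
class Packet:                      # constructed sample packet, simplified fields
    proto: str                     # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    owner: Optional[str] = None    # local socket owner (assumed stand-in for "uid")

def port_10166(port):
    """Source-port list of rule 10166: 10000-65535 plus the listed services."""
    return port is not None and (10000 <= port <= 65535 or port in PORTS_10166)

# (number, action, predicate), in ruleset order
RULES = [
    (10164, "allow", lambda p: p.src == HOST and p.proto in ("tcp", "udp")
                               and p.owner == "net"),
    (10165, "allow", lambda p: p.dst == HOST),
    (10166, "allow", lambda p: p.proto == "tcp" and p.src == HOST
                               and port_10166(p.sport)),
    (10167, "deny",  lambda p: p.src == HOST),
]

def evaluate(pkt):
    """Return (rule number, action) of the first matching rule.
    allow and deny both terminate the search, so later rules are never consulted."""
    for number, action, matches in RULES:
        if matches(pkt):
            return number, action
    return None, "no match"        # packet continues to rules outside this excerpt

if __name__ == "__main__":
    samples = [                    # constructed packets
        Packet("tcp", HOST, "198.51.100.7", 80, "net"),
        Packet("tcp", HOST, "198.51.100.7", 80, "www"),
        Packet("tcp", HOST, "198.51.100.7", 8080, "www"),
        Packet("udp", HOST, "198.51.100.7", 53),
        Packet("icmp", "198.51.100.7", HOST),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt))
```
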