From owner-freebsd-questions@FreeBSD.ORG Wed Oct 1 11:24:55 2003
Date: Wed, 1 Oct 2003 14:24:51 -0400
From: Rob Ellis
To: Gary
cc: FreeBSD
Subject: Re: Firewall problem
Message-ID: <20031001182450.GB83044@web.ca>
References: <20031001181817.21832.qmail@letric.mygirlfriday.info>
In-Reply-To: <20031001181817.21832.qmail@letric.mygirlfriday.info>
List-Id: User questions

On Wed, Oct 01, 2003 at 01:18:17PM -0500, Gary wrote:
> I have set my firewall to
>
> firewall_type="open"
> firewall_enable="YES"
>
> and when I want to drop a specific IP, I enter it manually, it accepts it,
> but it does not drop the packets..
>
> I am getting a lot of virus activity on my SMTP port 25. So I wanted to
> drop a few IP ranges/addresses..
>
> 00100  62054   5483792 allow ip from any to any via lo0
> 00200      0         0 deny ip from any to 127.0.0.0/8
> 00300      0         0 deny ip from 127.0.0.0/8 to any
> 65000 873327 293931424 allow ip from any to any
> 65100      0         0 deny tcp from 24.92.226.153 to any
> 65110      0         0 deny ip from 213.191.102.86 to any
> 65535      0         0 deny ip from any to any
>
> Yet, checking later in my SMTP logs, I am still getting pounded by the
> listed addresses.
>
> Can anyone explain why this isn't working?

Your deny rules have to be added before the 'allow ip from any to any'.

ipfw add 100 deny tcp from 24.92.226.153 to any

- Rob
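To illustrate Rob's point about ipfw's first-match evaluation, here is an added example (not code from the thread or from ipfw itself) that reproduces Gary's rule set as constructed data and walks a packet through it the way ipfw does: rules are tried in number order, and the first one that matches decides. The packet, the interface name fxp0 and the destination address are constructed assumptions; interface matching covers only the "via lo0" clause.

```python
import ipaddress

# Constructed reproduction of the rule set from Gary's message, as
# (rule number, action, protocol, source, destination, interface or None).
# The "via lo0" clause on rule 100 is carried in the interface field.
ORIGINAL_RULES = [
    (100,   "allow", "ip",  "any",            "any",         "lo0"),
    (200,   "deny",  "ip",  "any",            "127.0.0.0/8", None),
    (300,   "deny",  "ip",  "127.0.0.0/8",    "any",         None),
    (65000, "allow", "ip",  "any",            "any",         None),
    (65100, "deny",  "tcp", "24.92.226.153",  "any",         None),
    (65110, "deny",  "ip",  "213.191.102.86", "any",         None),
    (65535, "deny",  "ip",  "any",            "any",         None),
]

def _addr_matches(spec, addr):
    """'any' matches everything; otherwise treat spec as a host or CIDR."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, proto, src, dst, iface):
    """Walk the rules in number order and return (number, action) of the
    first hit. sorted() is stable, so rules sharing a number keep their
    insertion order, which is also how ipfw orders duplicate numbers."""
    for num, action, rproto, rsrc, rdst, riface in sorted(rules, key=lambda r: r[0]):
        if rproto != "ip" and rproto != proto:
            continue
        if riface is not None and riface != iface:
            continue
        if _addr_matches(rsrc, src) and _addr_matches(rdst, dst):
            return num, action
    raise RuntimeError("rule 65535 should always match")

def add_rule(rules, num, action, proto, src, dst, iface=None):
    """Equivalent of 'ipfw add NUM ACTION PROTO from SRC to DST'."""
    return rules + [(num, action, proto, src, dst, iface)]

if __name__ == "__main__":
    # Constructed inbound SMTP client packet arriving on a hypothetical fxp0.
    pkt = ("tcp", "24.92.226.153", "192.0.2.10", "fxp0")
    print("original:", first_match(ORIGINAL_RULES, *pkt))    # (65000, 'allow')
    fixed = add_rule(ORIGINAL_RULES, 100, "deny", "tcp", "24.92.226.153", "any")
    print("with Rob's fix:", first_match(fixed, *pkt))       # (100, 'deny')
```

The zero packet counters on 65100 and 65110 in Gary's listing are exactly what this shows: rule 65000 accepts everything first, so the later deny rules are never reached.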