From: "Lubomir Georgiev" <0shady0recs0@gmail.com>
To: freebsd-ipfw@freebsd.org
Date: Thu, 26 Apr 2007 22:29:35 +0300
Subject: ipfw with nat - allowing by MAC address

OK - So I guess we might have a problem...

bogoqho# uname -a
FreeBSD bogoqho.com 6.1-RELEASE FreeBSD 6.1-RELEASE #

I'm currently thinking about using the deny approach you initially recommended. I'll just add an allow rule via the internal iface which will still allow me to ssh in and if everything else is OK then I guess that will be it. I'll check back shortly - in the meantime if you have any suggestions, feel free.

On 4/26/07, eksffa@freebsdbrasil.com.br wrote:
>
> > Thanks for everyone's continuing attempts to help!
> >
> > OK so I tried putting in the ruleset which you provided - and I hit a rock
> > very early in the run. IPFW returns that it doesn't understand the tag
> > option.
> >
> > ipfw add 501 skipto 1400 tag 1 log logamount 0 ip from any to any layer2 via $ifi
> >
> > Does this sound familiar? What should I do?
>
> tag/tagged features were committed somewhere in time between 6.1-STABLE and
> 6.2-RELEASE, if I remember well. So the first release to have it is 6.2-R;
>
> csup to RELENG_6 branch to get the latest -STABLE;

-- 
mEsS wItH tHe bEsT dIE liKe tHe rESt