From owner-freebsd-questions@FreeBSD.ORG Wed Oct 1 12:15:11 2003
Message-ID: <3F7B2788.8040205@daleco.biz>
Date: Wed, 01 Oct 2003 14:14:16 -0500
From: "Kevin D. Kinsey, DaleCo, S.P."
To: "Andrew L. Gould"
cc: FreeBSD
cc: Gary
References: <20031001181817.21832.qmail@letric.mygirlfriday.info> <200310011329.23459.algould@datawok.com>
In-Reply-To: <200310011329.23459.algould@datawok.com>
Subject: Re: Firewall problem

Andrew L. Gould wrote:

> On Wednesday 01 October 2003 01:18 pm, Gary wrote:
>
>> I have set my firewall to
>>
>> firewall_type="open"
>> firewall_enable="YES"
>>
>> and when I want to drop a specific IP, I enter it manually, it accepts it,
>> but it does not drop the packets..
>>
>> I am getting a lot of virus activity on my SMTP port 25. So I wanted to
>> drop a few IP ranges/addresses..
>>
>> 00100 62054 5483792 allow ip from any to any via lo0
>> 00200 0 0 deny ip from any to 127.0.0.0/8
>> 00300 0 0 deny ip from 127.0.0.0/8 to any
>> 65000 873327 293931424 allow ip from any to any
>> 65100 0 0 deny tcp from 24.92.226.153 to any
>> 65110 0 0 deny ip from 213.191.102.86 to any
>> 65535 0 0 deny ip from any to any
>>
>> Yet, checking later in my SMTP logs, I am still getting pounded by the
>> listed addresses. Can anyone explain why this isn't working?
>>
>> Thanks,
>
> I'm a newbie at firewalls; but I'll take a guess: Doesn't rule 65000 let all
> ip packets in before rules 65100 and 65110 are considered?
>
> Andrew

Yes, in this case, since this is ipfw, and "first match wins." Using ipf, it's the opposite; gotta love 'Nix! ;-)
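The following is an added example, not code from the thread or from FreeBSD itself: a small Python simulator of ipfw's "first match wins" evaluation, run over the exact rule set Gary posted (with the packet and byte counters stripped). It also goes one step beyond the thread by evaluating a second copy of the ruleset in which the two deny rules are renumbered below 65000; the numbers 64900 and 64910, the destination address 192.0.2.25 and the interface name em0 are this example's own choices, not anything the thread states. The point it makes concrete is Andrew's guess: with the original numbering, a TCP packet from 24.92.226.153 is decided by rule 65000 and never reaches 65100.

```python
"""Added example, not part of the mailing-list thread: a simulator of ipfw's
"first match wins" evaluation, run over the rule set posted in the thread
(counters removed). Only the rule syntax that appears in the thread is
handled:

    <number> <allow|deny> <ip|tcp|udp> from <addr|any> to <addr|any> [via <iface>]
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str            # "allow" or "deny"
    proto: str             # "ip" matches every protocol; otherwise "tcp"/"udp"
    src: str               # "any", a host address, or a CIDR network
    dst: str
    via: Optional[str]     # interface name, or None when not restricted


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    iface: str


def parse_rule(line: str) -> Rule:
    """Parse one rule line without counters, e.g.
    '65100 deny tcp from 24.92.226.153 to any'."""
    t = line.split()
    if len(t) < 7 or t[3] != "from" or t[5] != "to":
        raise ValueError("unsupported rule syntax: " + line)
    via = None
    if len(t) > 7:
        if t[7] != "via" or len(t) != 9:
            raise ValueError("unsupported rule syntax: " + line)
        via = t[8]
    return Rule(int(t[0]), t[1], t[2], t[4], t[6], via)


def parse_ruleset(text: str) -> List[Rule]:
    return [parse_rule(line) for line in text.strip().splitlines()]


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    # strict=False lets a bare host address act as a /32 network
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    return _addr_matches(rule.src, pkt.src) and _addr_matches(rule.dst, pkt.dst)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """ipfw semantics: scan rules in ascending number order; the first rule
    that matches decides the packet's fate. Returns (rule number, action)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _rule_matches(rule, pkt):
            return rule.number, rule.action
    raise RuntimeError("no rule matched; a real ipfw set always ends at 65535")


# The ruleset from the thread, counters removed.
ORIGINAL_RULES = parse_ruleset("""
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65100 deny tcp from 24.92.226.153 to any
65110 deny ip from 213.191.102.86 to any
65535 deny ip from any to any
""")

# Same rules with the two deny rules renumbered below 65000. The numbers
# 64900 and 64910 are this example's choice, not something the thread gives.
REORDERED_RULES = parse_ruleset("""
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
64900 deny tcp from 24.92.226.153 to any
64910 deny ip from 213.191.102.86 to any
65000 allow ip from any to any
65535 deny ip from any to any
""")

# Constructed packets: destination 192.0.2.25 and interface em0 are placeholders.
SMTP_FROM_LISTED_HOST = Packet("tcp", "24.92.226.153", "192.0.2.25", "em0")
UDP_FROM_SECOND_HOST = Packet("udp", "213.191.102.86", "192.0.2.25", "em0")
SMTP_FROM_OTHER_HOST = Packet("tcp", "198.51.100.7", "192.0.2.25", "em0")
LOOPBACK = Packet("tcp", "127.0.0.1", "127.0.0.1", "lo0")


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("reordered", REORDERED_RULES)):
        num, action = evaluate(rules, SMTP_FROM_LISTED_HOST)
        print(f"{name}: packet from 24.92.226.153 decided by rule {num:05d} -> {action}")
```

Running it shows the original set deciding the packet at rule 65000 (allow) and the reordered set at rule 64900 (deny). In practice that is the whole fix: give each deny rule a number below the catch-all allow, for example `ipfw add 64900 deny tcp from 24.92.226.153 to any`, and confirm with `ipfw -a list` that the deny rule's packet counter starts climbing while rule 65000's no longer counts those hosts.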