Date: Sat, 21 Nov 1998 19:29:16 -0800
From: David Greenman <dg@root.com>
To: Dave Alden <alden@math.ohio-state.edu>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: bridging hints?
Message-ID: <199811220329.TAA01406@root.com>
In-Reply-To: Your message of "Fri, 20 Nov 1998 16:09:47 EST." <199811202109.QAA06927@math.mps.ohio-state.edu>
> I'm planning on using a FreeBSD box as our departmental firewall. I
> just started playing around with it and have a box configured with 2 Intel
> EtherExpress 100+ cards, our LAN on one and a workstation (call it 'wkstn')
> on the other. I'm trying to learn ipfw, so I set up the FreeBSD box as a
> "client" firewall. I then did:
>
> ipfw add deny tcp from any to wkstn
>
> This works as expected. But if I try to just turn off certain ports with:
>
> ipfw add deny tcp from any to wkstn 1-1024
>
> it doesn't work as I would expect (it allows me to telnet to the machine).
> Can someone tell me what I'm doing wrong? :-)

Here's a guess: You need to be careful about the precedence. Lower-numbered filter rules have higher precedence. Since you didn't specify a specific rule number, the system assigned a number that was greater than a previous allow rule, and that wasn't what you wanted. See ipfw(8).

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project
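The precedence point above, as an added simulation of ipfw's first-match evaluation (this is constructed teaching code, not part of the thread and not FreeBSD's ipfw). It assumes an unnumbered `ipfw add` is placed 100 above the current last rule, and uses made-up addresses for 'wkstn' and the client; checking the real table with `ipfw list` shows the same ordering.

```python
# Constructed model of ipfw rule ordering: rules are kept sorted by number and
# the first match wins, so an unnumbered deny appended after an allow never fires.
from dataclasses import dataclass
from typing import Optional, Tuple

WKSTN = "10.0.0.5"   # constructed address standing in for 'wkstn'

@dataclass
class Rule:
    number: int
    action: str                          # "allow" or "deny"
    proto: str                           # "tcp", "udp" or "ip" (any protocol)
    src: str                             # "any" or a host address
    dst: str
    ports: Optional[Tuple[int, int]] = None   # destination port range, None = all

    def matches(self, proto, src, dst, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.src != "any" and self.src != src:
            return False
        if self.dst != "any" and self.dst != dst:
            return False
        if self.ports and not (self.ports[0] <= dport <= self.ports[1]):
            return False
        return True

class Firewall:
    def __init__(self):
        self.rules = []

    def add(self, action, proto, src, dst, ports=None, number=None):
        """Mimics `ipfw add [number] action proto from src to dst [ports]`.
        Assumption: an unnumbered rule gets last rule number + 100."""
        if number is None:
            number = (self.rules[-1].number + 100) if self.rules else 100
        self.rules.append(Rule(number, action, proto, src, dst, ports))
        self.rules.sort(key=lambda r: r.number)   # lowest number is evaluated first
        return number

    def check(self, proto, src, dst, dport):
        """Return (action, rule number) of the first match; default deny if none."""
        for r in self.rules:
            if r.matches(proto, src, dst, dport):
                return r.action, r.number
        return "deny", 65535

def demo():
    fw = Firewall()
    fw.add("allow", "tcp", "any", WKSTN, number=1000)          # pre-existing allow (constructed)
    fw.add("deny", "tcp", "any", WKSTN, (1, 1024))              # unnumbered -> 1100, after the allow
    before = fw.check("tcp", "10.0.0.99", WKSTN, 23)            # telnet still allowed by rule 1000
    fw.add("deny", "tcp", "any", WKSTN, (1, 1024), number=100)  # explicit low number wins
    after = fw.check("tcp", "10.0.0.99", WKSTN, 23)
    return before, after

if __name__ == "__main__":
    print(demo())  # (('allow', 1000), ('deny', 100))
```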