From: Ruben de Groot
To: Chip
Cc: FreeBSD Questions List
Date: Thu, 20 Nov 2003 14:47:38 +0100
Subject: Re: firewall rules do not get read

On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip typed:
> I noticed my firewall rules are not being read. I have rc.conf set to
> read the file rc.firewall. In rc.firewall the first line is add divert
> natd etc etc. that is followed by pass all from any to any etc etc. Then
> nothing after that is read, it is all ignored.

My guess is you're using ipfw and confusing it with ipfilter. In ipfw,
processing stops at the first rule that matches.
Your "all from any to any" rule matches everything, so all subsequent rules
are never reached. Try moving this rule to the end of your firewall script.

Ruben

> If I comment out the line pass all from any to any then nothing works to
> access the internet.
> I don't know what to do to make it read past those first two lines.
> Any suggestions?
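
Added example, not part of the original thread: a small checker that reads ipfw rules (rc.firewall `add ...` lines or `ipfw list` output) and reports every rule placed after a terminal match-everything rule, which first-match processing never reaches. The interface name `ed0` and the rules following the catch-all are constructed for illustration, and the parser assumes the simple `action proto from src to dst [options]` form only.

```python
# Actions that end ipfw rule processing for a packet that matches.
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop", "reject"}

def parse_rule(line):
    """Split one rule into action, protocol, source and everything after 'to'."""
    tokens = line.split("#", 1)[0].split()
    if "add" in tokens:                        # rc.firewall style: ${fwcmd} add ...
        tokens = tokens[tokens.index("add") + 1:]
    if tokens and tokens[0].isdigit():         # optional rule number
        tokens = tokens[1:]
    if "from" not in tokens:
        return None
    f = tokens.index("from")
    if f < 2 or "to" not in tokens[f:]:
        return None
    t = tokens.index("to", f)
    return {"action": tokens[0], "proto": tokens[f - 1],
            "src": tokens[f + 1:t], "rest": tokens[t + 1:]}

def is_catch_all(rule):
    """True for a terminal rule with no port, interface or other restriction."""
    return (rule["action"] in TERMINAL and rule["proto"] in ("all", "ip")
            and rule["src"] == ["any"] and rule["rest"] == ["any"])

def find_shadowed(ruleset):
    """Return (catch_all, shadowed): the first match-everything rule and the
    rules after it that can never be evaluated."""
    catch_all, shadowed = None, []
    for line in ruleset.strip().splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        if catch_all is not None:
            shadowed.append(line.strip())
        elif is_catch_all(rule):
            catch_all = line.strip()
    return catch_all, shadowed

# Constructed rulesets: the ordering described in the question, then the
# ordering suggested in the reply (catch-all moved to the end).
BROKEN = """
add divert natd all from any to any via ed0
add pass all from any to any
add deny tcp from any to any 23
add deny ip from 192.168.0.0/16 to any in via ed0
"""
FIXED = """
add divert natd all from any to any via ed0
add deny tcp from any to any 23
add deny ip from 192.168.0.0/16 to any in via ed0
add pass all from any to any
"""

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, find_shadowed(rules))
```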