From owner-freebsd-isp Sat Feb 8 17:41:46 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA14266 for isp-outgoing; Sat, 8 Feb 1997 17:41:46 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA14225; Sat, 8 Feb 1997 17:41:31 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id MAA19061; Sun, 9 Feb 1997 12:43:06 +1100 (EST)
Date: Sun, 9 Feb 1997 12:43:05 +1100 (EST)
From: "Daniel O'Callaghan"
To: Robert Shady
cc: Julian Elischer, tiller@connectnet.com, FreeBSD-Questions@freebsd.org, FreeBSD-ISP@freebsd.org
Subject: Re: Packet filtering help please
In-Reply-To: <199702090005.TAA06715@server.id.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 8 Feb 1997, Robert Shady wrote:

> >
> > add the following code to the rc file
> > ipfw add 10000 allow ip from all to all
> > ipfw add 1000 deny ip from {his address}
> >
> >
> > that should about do it..
> > remember that the default rule is:
> > ipfw add 65536 deny ip from any to any
> >
> > so you need to add the allow rule above via /etc/rc
> > because you won't be able to get to the box to do it by hand :)
>
> Also remember that the numbers are the 'rules numbers', they are
> parsed from highest to lowest, and every one must be different.
> In the above example, it starts out like this

No. The rules are parsed in ascending rule number order. Rules can have
the same number. Rules with the same number are parsed in the order they
were added to the system (first come first parsed.)

Danny
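
The evaluation order described in the reply above, as a small Python model (an added example, not part of the original message and not ipfw's own code). The Ruleset class, the 192.0.2.x documentation addresses standing in for {his address}, and the source-address-only matching are assumptions of the model; a packet that matches no rule falls through to the default deny.

```python
import ipaddress


class Ruleset:
    """Toy model of ipfw rule ordering: allow/deny on source address only."""

    def __init__(self):
        self.rules = []   # entries: (rule number, insertion order, action, network)
        self._added = 0

    def add(self, number, action, src="any"):
        net = None if src == "any" else ipaddress.ip_network(src)
        self.rules.append((number, self._added, action, net))
        self._added += 1
        # Ascending rule number; equal numbers keep the order they were added.
        self.rules.sort(key=lambda r: (r[0], r[1]))

    def decide(self, src_ip):
        """Return (matching rule number, action); the first match ends the search."""
        addr = ipaddress.ip_address(src_ip)
        for number, _, action, net in self.rules:
            if net is None or addr in net:
                return number, action
        return None, "deny"   # nothing matched: default deny


def quoted_example():
    """The two rules from the quoted advice, added in the order given there."""
    rs = Ruleset()
    rs.add(10000, "allow")               # added first, but checked after rule 1000
    rs.add(1000, "deny", "192.0.2.7")    # constructed address for {his address}
    return rs


def same_number_example():
    """Two rules sharing a number: the one added first is checked first."""
    rs = Ruleset()
    rs.add(2000, "allow", "192.0.2.0/24")
    rs.add(2000, "deny", "192.0.2.7")    # shadowed: the /24 allow matches first
    return rs


if __name__ == "__main__":
    print(quoted_example().decide("192.0.2.7"))       # blocked host
    print(quoted_example().decide("198.51.100.9"))    # everyone else
    print(same_number_example().decide("192.0.2.7"))  # shadowed deny
```

The shadowed deny in same_number_example is the practical consequence of the insertion-order rule: a narrower rule added later under a number already in use never fires if an earlier rule with that number matches the same traffic.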