From: "Francisco Reyes"
To: "Ken Kyler"
Cc: "FreeBSD questions"
Date: Sun, 17 Oct 1999 18:55:41 -0400
Subject: RE: Firewalls for Morons

On Sun, 17 Oct 1999 16:50:04 -0400, Ken Kyler wrote:

>Interesting. I had initially built the kernel with...
>
># added by kyler
>options IPFIREWALL
>options IPDIVERT
>options IPFIREWALL_VERBOSE
>#options IPFIREWALL_DEFAULT_TO_ACCEPT

Those options look ok. Just to be on the safe side, why don't you take out
the default_to_accept and re-build the kernel?

The only thing I have which you did not list is

options IPFIREWALL_VERBOSE_LIMIT=50 #Limit verbosity

But that shouldn't be the reason why you are not getting anything logged.
It wouldn't hurt to add it anyway.

>They have to be as everything works fine once I add the rule "ipfw add allow
>all from any to any"

I am running out of suggestions. Try with an "open" firewall. Then add a rule
from a shell:

ipfw add ## allow log all from any to any

Make ## a number lower than the existing "allow any to any" rule.
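An added example, not part of the original message: ipfw stops at the first rule that matches a packet, so the logging rule only sees traffic if its number is below the unconditional allow rule. The helper below picks such a number from `ipfw list` output; the function names and the sample ruleset are constructed for illustration, and the `NNNNN action proto from src to dst` listing format is an assumption.

```shell
#!/bin/sh
# Constructed sample of `ipfw list` output for an "open" ruleset
# (not taken from the thread).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any'

# Hypothetical helper: read `ipfw list` style lines on stdin and print a
# free rule number just below the first unconditional allow rule.
# Rules with trailing options (e.g. "via lo0") are not unconditional.
# Returns 1 if no unconditional allow rule is present.
pick_log_rule_number() {
    awk '
        { used[$1 + 0] = 1 }            # remember every number in use
        !found && NF == 7 && $2 == "allow" && ($3 == "ip" || $3 == "all") &&
            $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" {
            found = $1 + 0              # first allow-everything rule
        }
        END {
            if (!found) exit 1
            for (n = found - 1; n >= 1; n--)
                if (!(n in used)) { print n; exit 0 }
            exit 1
        }'
}

# Hypothetical helper: print the logging rule to add, with the "##"
# placeholder from the message filled in. "all" is the protocol field.
log_rule_command() {
    n=$(pick_log_rule_number) || return 1
    echo "ipfw add $n allow log all from any to any"
}

# On a live system: ipfw list | log_rule_command
printf '%s\n' "$SAMPLE_RULES" | log_rule_command
```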