From owner-freebsd-questions@FreeBSD.ORG Fri Apr 16 07:50:31 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC55816A4CE for ; Fri, 16 Apr 2004 07:50:31 -0700 (PDT) Received: from prserv.net (asmtp2.prserv.net [32.97.166.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4457043D1D for ; Fri, 16 Apr 2004 07:50:29 -0700 (PDT) (envelope-from yann.luppo@attglobal.net) Received: from razor (130.wf21.bltm.wswdc01r18.dsl.att.net[12.103.21.130]) by prserv.net (asmtp2) with SMTP id <2004041614502825205h50die> (Authid: yann.luppo@attglobal.net); Fri, 16 Apr 2004 14:50:28 +0000 Message-ID: <005401c4238f$f4d9dab0$0f01a8c0@razor> From: "RazorOnFreeBSD" To: Date: Fri, 16 Apr 2004 10:51:05 +0200 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: firewall rules error X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Apr 2004 14:50:32 -0000 Hi everyone, I'm trying to write my own rules for ipfw under 4.9 STABLE. But everytime I try to use the file with my rules .... my network is = totally blocked and the "ipfw show" command returns : 65535 38 2311 deny ip from any to any I think there's a problem in my rules file and the system replaces my = rules by this one, but I can't figure out what is the problem, my rules = file is really short compared to what I saw sometimes on Internet : -------------------------------------------------------------------------= --------------------------------------------- fwcmd=3D"/sbin/ipfw" oif=3D"dc0" iif=3D"dc1"=20 ${fwcmd} -f flush ${fwcmd} add check-state ${fwcmd} add deny ip from any to any in via $oif verrevpath add 050 divert natd all from any to any via $oif add 100 pass all from any to any via lo0 add 200 deny all from any to 127.0.0.0/8 add 300 deny ip from 127.0.0.0/8 to any ${fwcmd} add allow ip from me to any via $oif keep-state ${fwcmd} add allow icmp from any to any via $oif icmptypes 0,3,11,12 ${fwcmd} add allow tcp from any to me dst-port 22 in via $iif setup = keep-state ${fwcmd} add deny log ip from any to any -------------------------------------------------------------------------= --------------------------------------------- Can anybody tell me what's wrong ? Thanks. razor.