From owner-freebsd-questions Thu Mar 20 11:38:30 2003
Message-ID: <20030320193828.98259.qmail@web13509.mail.yahoo.com>
Date: Thu, 20 Mar 2003 11:38:28 -0800 (PST)
From: "W. J. Williams"
Subject: IPFW firewall rules not complete
To: freebsd-questions@freebsd.org

I am experimenting with IPFW firewalls and have hit a roadblock. I am trying to allow ssh, mail, dns requests, pings and traceroutes out, but not in. I am hitting a roadblock on mail and pings out some more notes.

Firewall:

> the mail queue and then stops with the error below. After I am done
> playing with this one I am going to try ipf also :-)
>
> Running /var/spool/mqueue/h2K8eDD4001460 (sequence 2 of 2)
> ... Deferred: Permission denied
>
>
> add 21 deny log all from any to any in frag via fxp0
> add 1000 allow tcp from any to any established
> add 2000 allow tcp from any to 192.168.0.0/29 22,25,10000 setup
> add 3000 allow udp from 192.168.0.0/29 to any 53
> add 4000 allow udp from any 53 to 192.168.0.0/29
> add 5000 pass all from any to any via lo0
> add 6000 pass all from any to 127.0.0.0/8
>
> =====
> Will Williams
>

=====
Will Williams
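An added example, not part of the original message: a simplified first-match model of the posted ruleset, run over constructed packets. It shows that an outbound SMTP connection attempt and an outbound ping match none of the seven rules, while an inbound ssh connection attempt is accepted by rule 2000. Assumptions: the host sits at 192.168.0.2, the kernel's default rule 65535 is deny (no `IPFIREWALL_DEFAULT_TO_ACCEPT`), TCP flags are reduced to a `setup`/`established` label, and rule 2500 is a hypothetical addition.

```python
from ipaddress import ip_address, ip_network

NET, LO, ANY = map(ip_network, ("192.168.0.0/29", "127.0.0.0/8", "0.0.0.0/0"))
# Fields: number, action, proto, src net, src ports, dst net, dst ports, TCP state, interface test
RULES = [
    (21, "deny", "all", ANY, None, ANY, None, None, "in frag fxp0"),
    (1000, "allow", "tcp", ANY, None, ANY, None, "established", None),
    (2000, "allow", "tcp", ANY, None, NET, {22, 25, 10000}, "setup", None),
    (3000, "allow", "udp", NET, None, ANY, {53}, None, None),
    (4000, "allow", "udp", ANY, {53}, NET, None, None, None),
    (5000, "allow", "all", ANY, None, ANY, None, None, "via lo0"),
    (6000, "allow", "all", ANY, None, LO, None, None, None),
]
# Hypothetical rule, not in the post: let the LAN prefix open outbound ssh and SMTP.
EXTRA = (2500, "allow", "tcp", NET, None, ANY, {22, 25}, "setup", None)
FIXED = sorted(RULES + [EXTRA], key=lambda r: r[0])

def matches(rule, p):
    _, _, proto, snet, sports, dnet, dports, state, iftest = rule
    if proto not in ("all", p["proto"]) or (state and p["state"] != state):
        return False
    if ip_address(p["src"]) not in snet or ip_address(p["dst"]) not in dnet:
        return False
    if (sports and p["sport"] not in sports) or (dports and p["dport"] not in dports):
        return False
    if iftest == "in frag fxp0":
        return p["dir"] == "in" and p["frag"] and p["iface"] == "fxp0"
    return iftest != "via lo0" or p["iface"] == "lo0"

def verdict(p, rules=RULES):
    """First matching rule wins; fall through to the assumed default deny (65535)."""
    for rule in rules:
        if matches(rule, p):
            return rule[0], rule[1]
    return 65535, "deny"

def pkt(proto, src, dst, dport=None, sport=None, state=None, dir="out", iface="fxp0", frag=False):
    return dict(proto=proto, src=src, dst=dst, dport=dport, sport=sport,
                state=state, dir=dir, iface=iface, frag=frag)

HOST, REMOTE = "192.168.0.2", "203.0.113.10"  # constructed addresses (assumptions)
SAMPLES = {
    "smtp out, SYN": pkt("tcp", HOST, REMOTE, dport=25, sport=40000, state="setup"),
    "ping out": pkt("icmp", HOST, REMOTE),
    "dns query out": pkt("udp", HOST, REMOTE, dport=53, sport=40001),
    "ssh in, SYN": pkt("tcp", REMOTE, HOST, dport=22, sport=40002, state="setup", dir="in"),
}
for name, p in SAMPLES.items():
    print(f"{name:14} posted={verdict(p)} with rule 2500={verdict(p, FIXED)}")
```

The ping stays denied even with rule 2500 because nothing in either ruleset names the icmp protocol.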