From: Henrik Hudson
To: "W. J. Williams", freebsd-questions@freebsd.org
Subject: Re: IPFW firewall rules not complete
Date: Thu, 20 Mar 2003 13:50:35 -0600

On Thursday 20 March 2003 13:38, W. J. Williams wrote:
> I am experimenting with IPFW firewalls and have hit a roadblock. I am
> trying to allow ssh, mail, dns requests, pings and traceroutes out, but
> not in. I am hitting a roadblock on mail and pings out

Assuming that 192.168.0.0/29 is your internal block you've got the rules
backwards.

>
> add 2000 allow tcp from any to 192.168.0.0/29 22,25,10000 setup

This will let anything come in and establish a connection to a service running
on 22, 25, 10000 but says nothing about outgoing.

I think you want:

add 2000 allow tcp from 192.168.0.0/29 to any 22,25,10000 setup

Henrik

-- 
Henrik Hudson
lists@rhavenn.net

"You know, Hobbes, some days even my lucky rocket ship underpants don't help." Calvin
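
The difference between the two rule directions discussed above, as an added example that is not part of the original message: a small Python checker that parses the subset of ipfw rule syntax used in this thread and reports whether a rule admits traffic toward the internal block or away from it. The function names and the parser are illustrative assumptions; 192.168.0.0/29 is the internal block assumed in the reply.

```python
import ipaddress

# Internal block assumed in the reply above.
INTERNAL = ipaddress.ip_network("192.168.0.0/29")

def to_net(token):
    """Return an ip_network for an address token, or None for 'any'."""
    return None if token == "any" else ipaddress.ip_network(token, strict=False)

def parse_rule(line):
    """Parse '[add] [N] ACTION PROTO from SRC to DST [PORTS] [OPTIONS]' (subset only)."""
    t = line.split()
    if t[0] == "add":
        t = t[1:]
    number = int(t.pop(0)) if t[0].isdigit() else None
    frm, to = t.index("from"), t.index("to")
    rest = t[to + 2:]
    # A token right after the destination that starts with a digit is a port list.
    ports = rest.pop(0).split(",") if rest and rest[0][0].isdigit() else []
    return {"number": number, "action": t[0], "proto": t[1], "src": t[frm + 1],
            "dst": t[to + 1], "ports": ports, "options": rest}

def direction(rule, internal=INTERNAL):
    """Classify a rule by where its source and destination lie relative to the internal block."""
    src, dst = to_net(rule["src"]), to_net(rule["dst"])
    src_inside = src is not None and src.subnet_of(internal)
    dst_inside = dst is not None and dst.subnet_of(internal)
    if src_inside and not dst_inside:
        return "outbound"   # internal hosts reaching out
    if dst_inside and not src_inside:
        return "inbound"    # outside hosts reaching internal services
    return "other"

def inbound_exposure(lines):
    """Return (rule number, ports) for every allow rule that admits inbound traffic."""
    rules = [parse_rule(l) for l in lines]
    return [(r["number"], r["ports"]) for r in rules
            if r["action"] in ("allow", "accept", "pass", "permit")
            and direction(r) == "inbound"]

# The two rules from the thread: the original and the suggested replacement.
ORIGINAL = "add 2000 allow tcp from any to 192.168.0.0/29 22,25,10000 setup"
SUGGESTED = "add 2000 allow tcp from 192.168.0.0/29 to any 22,25,10000 setup"

if __name__ == "__main__":
    for line in (ORIGINAL, SUGGESTED):
        print(direction(parse_rule(line)), "<-", line)
    print("inbound exposure:", inbound_exposure([ORIGINAL, SUGGESTED]))
```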