Date: 9 May 2001 13:03:35 -0700
From: Michael Sharp <msharp@medmail.com>
To: FreeBSD-security@FreeBSD.org
Subject: ipfw
Message-ID: <20010509200335.7680.cpmta@c000.sfo.cp.net>

Expanding on what Noel Fitzpatrick said...

If I do

  ipfw -f flush

I still have rule

  65535 deny ip from any to any

which allows NOTHING in or OUT. I can add DENY chains all day, but I cannot add any ALLOW chains unless I put in rule

  65000 allow ip from any to any

but this goes at the very top and is the first chain processed (which allows ANYTHING in) even if there are DENY chains below it.

So, from /etc/rc.firewall, I added IPFIREWALL_DEFAULT_TO_ACCEPT to my kernel and recompiled. In /etc/rc.conf, I have

  firewall_enable="YES"
  firewall_type="open"

and still I cannot get rid of that pesky 65535 DENY everything rule that won't let me do anything unless I add "ipfw add allow ip from any to any", which allows everything despite ANY DENY chains.