From: Michael Sharp
To: FreeBSD-security@FreeBSD.org
Date: 9 May 2001 13:18:53 -0700
Subject: Re: ipfw

But I need to block port 113, and allow 1 machine to get to port 113. HAVING to add ipfw add allow ip from any to any gets processed before I would allow my 1 machine to port 113, thus allowing every machine to port 113.

On Wed, 09 May 2001, Ron Brogden wrote:
>
> On Wednesday 09 May 2001 20:03, you wrote:
> > and still I cannot get rid of that pesky 65535 DENY everything rule that
> > won't let me do anything unless I add " ipfw add allow ip from any to any "
> > which allows everything despite ANY DENY chains.
>
> Why can't you add the specific deny rules first if that is how you want
> things to work?  Just give them a lower precedence than your blanket allow
> rule:
>
> ipfw add 40000 deny something from somewhere to somewhere_else
> ipfw add 50000 deny something from somewhere to somewhere_else
> ipfw add 60000 allow ip from any to any
>
> That said, shouldn't you be allowing specific stuff and then denying by
> default?
>
> Cheers,
>
> Ron
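
The rule ordering discussed in this thread, as an added example that is not part of either message: a small model of ipfw's first-match evaluation, run over two orderings of the same three rules. The address 192.0.2.10 is a constructed stand-in for the one allowed machine, and the allow rule for that host is an assumption layered on the rule numbers from the quoted reply.

```python
# Added example: a minimal model of ipfw's first-match rule evaluation.
# Only source address and TCP destination port are modelled.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    number: int            # ipfw rule number; lower numbers are checked first
    action: str            # "allow" or "deny"
    src: Optional[str]     # None means "any"
    dport: Optional[int]   # None means any port

DEFAULT_DENY = Rule(65535, "deny", None, None)  # the built-in last rule from the thread
TRUSTED = "192.0.2.10"     # constructed address for the one allowed machine

def evaluate(rules, src, dport):
    """Return (action, rule number) of the first rule that matches the packet."""
    ordered = sorted(list(rules) + [DEFAULT_DENY], key=lambda r: r.number)
    for rule in ordered:
        if rule.src not in (None, src):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.action, rule.number
    raise AssertionError("unreachable: rule 65535 matches everything")

# Blanket allow numbered below the port 113 rules: it matches first, so the
# deny is never reached (the behaviour described in the message above).
BLANKET_FIRST = [
    Rule(100, "allow", None, None),
    Rule(200, "allow", TRUSTED, 113),
    Rule(300, "deny", None, 113),
]

# Specific rules first, blanket allow last. Equivalent commands (assumed):
#   ipfw add 40000 allow tcp from 192.0.2.10 to any 113
#   ipfw add 50000 deny tcp from any to any 113
#   ipfw add 60000 allow ip from any to any
SPECIFIC_FIRST = [
    Rule(40000, "allow", TRUSTED, 113),
    Rule(50000, "deny", None, 113),
    Rule(60000, "allow", None, None),
]

if __name__ == "__main__":
    for name, rules in (("blanket first", BLANKET_FIRST), ("specific first", SPECIFIC_FIRST)):
        for src in (TRUSTED, "198.51.100.7"):  # second address is constructed too
            print(name, src, "-> port 113:", evaluate(rules, src, 113))
```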