From owner-freebsd-questions Fri Mar 10 21: 2:49 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail1.one.net (mail.one.net [206.112.192.107]) by hub.freebsd.org (Postfix) with ESMTP id 2BA1737B5BF for ; Fri, 10 Mar 2000 21:02:47 -0800 (PST) (envelope-from carleton@one.net)
Received: from port-10-43.adsl.one.net ([207.78.254.43] EHLO miltonstreet.com ident: IDENT-NOT-QUERIED [port 55031]) by mail.one.net with ESMTP id <299935-847>; Sat, 11 Mar 2000 00:02:42 -0500
Message-ID: <38C9D32F.E8F2254A@miltonstreet.com>
From: Sam Carleton
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: ipfw is not working
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Sat, 11 Mar 2000 00:02:36 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I am working on building a firewall script. First off, I have an ipchains
script that is working fine in Linux; is there some way to easily convert
that over to ipfw?

Here is the ipfw script I have so far, real simple in my opinion:

-----------------------------------------
############
# Setup system for firewall service.
if [ -f /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
elif [ -f /etc/rc.conf ]; then
        . /etc/rc.conf
fi

############
# Set quiet mode if requested
if [ "x$firewall_quiet" = "xYES" ]; then
        fwcmd="/sbin/ipfw -q"
else
        fwcmd="/sbin/ipfw"
fi

EXTERNAL_INTERFACE="ep0"        # whichever you use
LOOPBACK_INTERFACE="lo0"
LOCAL_INTERFACE_1="ex0"         # whichever you use

IPADDR="10.226.46.56/29"
LOCALNET_1="192.168.0.0/24"     # whatever private range you use
LOOPBACK="127.0.0.0/8"

############
# Flush out the list before we begin.
$fwcmd -f flush

$fwcmd add 100 pass all from any to any via ${LOOPBACK_INTERFACE}
$fwcmd add 200 deny all from any to ${LOOPBACK}

$fwcmn add deny all from ${LOCALNET_1} to any in via ${EXTERNAL_INTERFACE}
$fwcmn add deny all from ${IPADDR} to any in via ${LOCAL_INTERFACE_1}

$fwcmd add 65000 pass all from any to any
-----------------------------------------

Here is the output:

-----------------------------------------
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
add: not found
add: not found
65000 allow ip from any to any
-----------------------------------------

I cannot figure out what is wrong with the two deny lines that have the
output "add: not found". What am I doing wrong?

Sam Carleton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
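An added example, not Sam's script and not part of the original post: the same rule set built under `set -u`, so that a reference to a variable that was never assigned (the `$fwcmn` spelling in the two deny lines) aborts the script instead of expanding to an empty string and leaving the shell to run `add` as a command, which is exactly what prints `add: not found`. The `fwcmd` shell function, the dry-run `echo`, the rule numbers 300 and 400, and the helper functions are assumptions of this example; on a real host the `echo` is replaced by `/sbin/ipfw`.

```shell
#!/bin/sh
# Added example: build an ipfw ruleset in dry-run mode and fail loudly
# on any undefined variable, so a typo such as $fwcmn cannot silently
# drop an anti-spoofing rule from the installed set.
set -u   # an unset variable is a fatal error, not an empty string

EXTERNAL_INTERFACE="ep0"        # outside interface (same values as the post)
LOOPBACK_INTERFACE="lo0"
LOCAL_INTERFACE_1="ex0"         # inside interface
IPADDR="10.226.46.56/29"
LOCALNET_1="192.168.0.0/24"     # private range behind the firewall
LOOPBACK="127.0.0.0/8"

# Dry-run wrapper (assumed for this example): print the ipfw command
# instead of executing it.  On a real host use:  /sbin/ipfw -q "$@"
fwcmd() {
    echo "ipfw $*"
}

# Emit the whole ruleset.  Under set -u, any reference to an unset name
# inside this function aborts the script with a non-zero status.
build_rules() {
    fwcmd -f flush
    fwcmd add 100 pass all from any to any via "${LOOPBACK_INTERFACE}"
    fwcmd add 200 deny all from any to "${LOOPBACK}"
    # anti-spoofing: packets claiming a private source arriving from outside
    fwcmd add 300 deny all from "${LOCALNET_1}" to any in via "${EXTERNAL_INTERFACE}"
    # anti-spoofing: packets claiming our own address arriving from inside
    fwcmd add 400 deny all from "${IPADDR}" to any in via "${LOCAL_INTERFACE_1}"
    fwcmd add 65000 pass all from any to any
}

# Number of "add" rules the ruleset would install (expected: 5).
count_rules() {
    build_rules | grep -c '^ipfw add '
}

# Demonstrates the failure mode from the post: under set -u a reference to
# the misspelled, never-assigned name aborts the subshell instead of
# running a bare "add ..." command.  Returns 0 when the typo is caught.
typo_is_caught() {
    ( set -u; unset fwcmn; echo "${fwcmn} add deny all from any to any" ) >/dev/null 2>&1 && return 1
    return 0
}

# Usage: run the script to see the rules that would be installed.
build_rules
```

Because `fwcmd` is a function rather than a variable, the shell reports an error (or, with `set -u`, aborts) the moment a rule line misspells it; every rule also carries an explicit number, so the numbering in the listed output can be checked line by line against the script.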