Message-ID: <19980919094807.Q10104@notabene.zer0.org>
Date: Sat, 19 Sep 1998 09:48:07 -0700
From: Gregory Sutter
To: freebsd, questions@FreeBSD.ORG
Subject: Re: ipfw problem.
Organization: Zer0

On Sat, Sep 19, 1998 at 09:05:56PM +0800, freebsd wrote:
> hi guys,
>
> My ipfw rules:
> 00100 divert 8668 ip from any to any via fxp0
> 00200 allow ip from any to any
> 65535 deny ip from any to any
>
> But when i apply this rule:
> ipfw add deny tcp from evil.net to deadpig.lurid.net 23
>
> evil.net still _able_ to telnet to my machine.

Try putting a rule number in your new rule. It's got to be smaller
than 200, because at rule 200, you accept everything. So try

ipfw add 0150 deny tcp from evil.net to bacon.hamhocks.net 23

Greg
--
Gregory S. Sutter                 "How do I read this file?"
mailto:gsutter@pobox.com          "You uudecode it."
http://www.pobox.com/~gsutter/    "I I I decode it?"
PGP DSS public key 0x40AE3052
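
Added example (not part of the original message, and not ipfw's own code): a simplified Python model of ipfw's first-match evaluation, showing why the unnumbered deny rule lands after rule 200 and never fires while the same rule at 150 does. It assumes ipfw's default auto-increment of 100 for unnumbered rules, treats divert as falling through to the next rule, and compares hostnames as plain strings; all function names are hypothetical.

```python
# Simplified model of ipfw first-match evaluation (added example, not ipfw's code).
AUTO_STEP = 100        # assumption: ipfw's default step for unnumbered rules
DEFAULT_RULE = 65535   # the fixed final rule shown in the question

def rule(num, action, proto, src, dst, port=None):
    return {"num": num, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def add_rule(ruleset, action, proto, src, dst, port=None, num=None):
    """Return a new ruleset with the rule inserted, numbered the way ipfw does."""
    if num is None:
        # No number given: highest non-default rule number plus the step.
        highest = max((r["num"] for r in ruleset if r["num"] != DEFAULT_RULE),
                      default=0)
        num = highest + AUTO_STEP
    return sorted(ruleset + [rule(num, action, proto, src, dst, port)],
                  key=lambda r: r["num"])

def matches(r, pkt):
    return (r["proto"] in ("ip", pkt["proto"])
            and r["src"] in ("any", pkt["src"])
            and r["dst"] in ("any", pkt["dst"])
            and r["port"] in (None, pkt["port"]))

def evaluate(ruleset, pkt):
    """Walk rules in numeric order; the first allow/deny match decides."""
    for r in ruleset:
        if not matches(r, pkt):
            continue
        if r["action"] == "divert":
            continue  # simplification: packet is reinjected at the next rule
        return r["action"], r["num"]
    return "deny", DEFAULT_RULE

# The ruleset from the question, as a constructed in-memory representation.
BASE = [
    rule(100, "divert", "ip", "any", "any"),
    rule(200, "allow", "ip", "any", "any"),
    rule(DEFAULT_RULE, "deny", "ip", "any", "any"),
]
# Constructed sample packet: telnet from evil.net to the protected host.
TELNET = {"proto": "tcp", "src": "evil.net",
          "dst": "deadpig.lurid.net", "port": 23}

unnumbered = add_rule(BASE, "deny", "tcp", "evil.net", "deadpig.lurid.net", 23)
numbered = add_rule(BASE, "deny", "tcp", "evil.net", "deadpig.lurid.net", 23,
                    num=150)

if __name__ == "__main__":
    print("unnumbered:", evaluate(unnumbered, TELNET))
    print("numbered:  ", evaluate(numbered, TELNET))
```

On a live system, `ipfw list` shows the number each rule actually received, which is the quickest way to confirm where a new rule sits relative to a catch-all allow.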