Date: Fri, 4 Mar 2005 01:56:46 +0530 From: "Subhro" <subhro.kar@gmail.com> To: "'Paul Schmehl'" <pauls@utdallas.edu>, "'FreeBSD questions'" <freebsd-questions@freebsd.org> Subject: RE: ipfw lost its mind? Message-ID: <4227730e.3f45c8af.5b3a.086d@smtp.gmail.com> In-Reply-To: <D8C861D5E62575A2A5639574@utd49554.utdallas.edu>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-
> questions@freebsd.org] On Behalf Of Paul Schmehl
> Sent: Friday, March 04, 2005 1:51
> To: 'FreeBSD questions'
> Subject: RE: ipfw lost its mind?
>
> --On Friday, March 04, 2005 01:21:11 AM +0530 Subhro
> <subhro.kar@gmail.com>
> wrote:
>
> > Do you block UDP?
>
> First question would be - which direction?
Incoming.
>
> I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns
> request would be answered.
Not relevant, as far as my knowledge goes.
> Even though it doesn't make sense to me. If my *first* rule is "allow ip
> from x.x.x.x/32 to {server}" and I also have a rule that says "allow ip
> from {server} to any", then I can't imagine why a restriction on udp would
> interfere with that since "ip" includes both tcp and udp.
That's a point. If this is the case, i.e. you are using "ip" then tcp/udp
makes no difference. Did you lately do any builds or partial builds of the
source tree?
Indian Institute of Information Technology
Subhro Sankha Kar
Block AQ-13/1, Sector V
Salt Lake City
PIN 700091
India
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
�� 0=0�ͺVT"rU0
*H
�0_1
0 UUS10U
VeriSign, Inc.1705U
.Class 1 Public Primary Certification Authority0
960129000000Z
280801235959Z0_1
0 UUS10U
VeriSign, Inc.1705U
.Class 1 Public Primary Certification Authority00
*H
��0�mVa-Hqg뷞
8%Fs$]
en
VsߴX9knը?144g NEVi xG)6c\-{2{0*/1g�0
*H
��L?hC3]Mz36ؕ"6hl|B.?OvJ͠
)"]݁#{%F0yK
@<_ SH䆴{5{%ӎ?8�4�q0f0Ϡ
O[uj)0
*H
�0_1
0 UUS10U
VeriSign, Inc.1705U
.Class 1 Public Primary Certification Authority0
980512000000Z
080512235959Z010U
VeriSign, Inc.1 0
U
VeriSign Trust Network1F0DU
=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated00
*H
��0�ZDUz-Ox6
JoTw*h1ApzKHV-BD\B/;'
]6B3nTOJ
ƚj$e~7jJ �00 `HB05U
.0,0*(&$http://crl.verisign.com/pca1.1.1.crl0GU
@0>0<
`HE0-0++ www.verisign.com/repository/RPA0U
0�0
U
0
*H
��B|ߌyLMU/P^N.^2ye
JRը1!l4x BZъު"!e3 3
>5d$[h|7d
Ž33>>s 020:N4fr40
*H
�010U
VeriSign, Inc.1 0
U
VeriSign Trust Network1F0DU
=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated0
041111000000Z
050718235959Z010U
VeriSign, Inc.1 0
U
VeriSign Trust Network1F0DU
=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)981
0
U
Persona Not Validated1402U
+Digital ID Class 1 - Microsoft Full Service10U
Subhro Kar1#0! *H
subhro.kar@gmail.com00
*H
��0�)Fp[
"
,9Uڵ87(v0r1C.\4VP@h
!"
r(
⎅?-"2K�00 U
0�0DU
=0;09
`HE0*0(+
https://www.verisign.com/rpa0
U
0
U
%0++0
`HENone03U
,0*0(&$"http://crl.verisign.com/class1.crl0
*H
��]5羧n-A$NyiI k{}Y(DKTHE@&mZK#TEWO.bqƼ
sE $raEsh{Os{[=zz_,v߈QԊ>1>0:0010U
VeriSign, Inc.1 0
U
VeriSign Trust Network1F0DU
=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated:N4fr40 +�0 *H
1
*H
0
*H
1
050303202645Z0# *H
1u
n+
me[0g *H
1Z0X0
*H
0*H
�0
*H
@0+0
*H
(0+0
*H
0 +710010U
VeriSign, Inc.1 0
U
VeriSign Trust Network1F0DU
=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated:N4fr40
*H
1䠁010U
VeriSign, Inc.1 0
U
VeriSign Trust Network1F0DU
=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)981H0FU?VeriSign Class 1 CA Individual Subscriber-Persona Not Validated:N4fr40
*H
�rc^竆c
ZGm=>MUNIYd3(;8w4.g8-J#%TSFjv+l`
`y*2,|kR/2m~-A9x$%O
:������
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4227730e.3f45c8af.5b3a.086d>