From: Alexander
Date: Sat, 06 May 2006 17:09:50 +0300
To: "Tiago N. Sampaio", freebsd-isp@freebsd.org
Subject: Re: IPFW and syslog

Tiago N. Sampaio wrote:
> Did you try adding deny log ip from any to any?
> ipfw add 65000 deny log ip from any to any
>
If I add the rule deny any any at the end, it will be the last rule among the other rules and all packets will be dropped (one_pass = 0). But I don't understand why, if I add deny any any as the first rule, traffic is dropped.
> Hugs
> Tiago N. Sampaio
>
> Alexander wrote:
>> So, I also tried ipfw add 99 deny ip from any to any, but got the same
>> trouble...
>>
>> Bjoern A. Zeeb wrote:
>>
>>> On Sat, 6 May 2006, Alexander wrote:
>>>
>>>> Bjoern A. Zeeb wrote:
>>>>
>>>>> On Sat, 6 May 2006, Alexander wrote:
>>>>>
>>>>>> Default rule is deny.
>>>>>> Some packets are registered under the default rule, but I can't find
>>>>>> documentation on how to log to syslog packets that are denied by the
>>>>>> default rule.
>>>>>>
>>>>> Add the same rule with rule number - 1 and add log statement.
>>>>>
>>>> Gmmmm! I have added rule: ipfw add 1 deny ip from any to any
>>>> And server dropped all packets...
>>>>
>>> Well
>>> "rule number" (for default rule) - 1 == 65535 - 1 == 65534
>>>
>>> I guess I should have added quotes or braces or the sample.
>>>
>>> Sorry for the trouble...
>>>
>>
>> _______________________________________________
>> freebsd-isp@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
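
Added example, not part of the original thread: a toy Python model of first-match rule evaluation, showing why a catch-all deny at rule 1 drops everything while a "deny log" at 65534 only catches (and logs) what would otherwise fall through to the default rule 65535. The rule set, packets and helper names are constructed for illustration and the model assumes a default-deny firewall as stated in the thread; it is not ipfw code.

```python
# Toy model of ipfw first-match evaluation (constructed, not ipfw source).
from dataclasses import dataclass
from typing import Callable, List, Tuple

DEFAULT_RULE = 65535  # built-in last rule; "deny" on the system in this thread


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    match: Callable[[dict], bool]
    log: bool = False                # True models the "log" keyword


def match_any(pkt: dict) -> bool:
    return True


def tcp_port(port: int) -> Callable[[dict], bool]:
    return lambda pkt: pkt["proto"] == "tcp" and pkt["dport"] == port


def evaluate(rules: List[Rule], pkt: dict) -> Tuple[int, str, bool]:
    """Return (rule number, action, logged) for the first rule that matches."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.match(pkt):
            return rule.number, rule.action, rule.log
    return DEFAULT_RULE, "deny", False   # default rule has no log keyword


# Constructed ruleset and packets, for illustration only.
BASE = [Rule(100, "allow", tcp_port(22)), Rule(200, "allow", tcp_port(80))]
PACKETS = [{"proto": "tcp", "dport": 22}, {"proto": "udp", "dport": 53}]


def run(rules: List[Rule]) -> List[Tuple[int, str, bool]]:
    return [evaluate(rules, pkt) for pkt in PACKETS]


if __name__ == "__main__":
    for label, extra in [("base", []),
                         ("deny at 1", [Rule(1, "deny", match_any)]),
                         ("deny log at 65534", [Rule(65534, "deny", match_any, True)])]:
        print(label, run(BASE + extra))
```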