Date:      Sun, 13 Jan 2002 16:53:26 -0500 (EST)
From:      Dru <genisis@istar.ca>
To:        Steve Brown <freebsd@prayforwind.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Dru's Onlamp article on IPFW rulesets
Message-ID:  <20020113165059.I347-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
In-Reply-To: <3C41FE47.8010407@prayforwind.com>

On Sun, 13 Jan 2002, Steve Brown wrote:

> Hey thanks Dru, looks like I lucked out
>
> Here's what I get. I suspect the 1st 3 lines are causing trouble, they're
> in rc.firewall. But what do I do about it?
>
> 00100  0    0 allow ip from any to any via lo0
> 00200  0    0 deny ip from any to 127.0.0.0/8
> 00300  0    0 deny ip from 127.0.0.0/8 to any
> 00300  0    0 check-state
> 00301  0    0 deny tcp from any to any in established
> 00302  0    0 allow tcp from any to any keep-state out setup
> 00400  0    0 allow udp from 209.226.175.223 53 to any in recv vr0
> 00401  0    0 allow udp from 198.235.216.134 53 to any in recv vr0
> 00402  0    0 allow udp from 207.236.176.9 53 to any in recv vr0
> 00403  0    0 allow udp from 198.235.216.111 53 to any in recv vr0
> 00404  0    0 allow udp from 207.236.176.10 53 to any in recv vr0
> 00405  0    0 allow udp from 198.235.216.112 53 to any in recv vr0
> 00406  0    0 allow udp from 209.197.128.2 53 to any in recv vr0
> 00407  0    0 allow udp from 209.197.128.5 53 to any in recv vr0
> 00409 20 1260 allow udp from any to any out
> 65535 21 4059 deny ip from any to any
<snip>

Hi Steve,

Nope, 1st three lines are a good thing. I suspect rule 00409 is what
solved your problem. How many DNS servers do you have? 8 rules seems to be
a bit much :)

Dru
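
The reply above turns on the packet and byte counters in the second and third columns of the quoted listing. As an added example (not part of the original message, and not code from the author or the FreeBSD project), this parses that listing and reports which rules actually matched traffic; the function names are assumptions.

```python
import re
from collections import namedtuple

# Listing copied from the quoted message. Columns: rule number, packets, bytes, rule.
LISTING = """\
00100  0    0 allow ip from any to any via lo0
00200  0    0 deny ip from any to 127.0.0.0/8
00300  0    0 deny ip from 127.0.0.0/8 to any
00300  0    0 check-state
00301  0    0 deny tcp from any to any in established
00302  0    0 allow tcp from any to any keep-state out setup
00400  0    0 allow udp from 209.226.175.223 53 to any in recv vr0
00401  0    0 allow udp from 198.235.216.134 53 to any in recv vr0
00402  0    0 allow udp from 207.236.176.9 53 to any in recv vr0
00403  0    0 allow udp from 198.235.216.111 53 to any in recv vr0
00404  0    0 allow udp from 207.236.176.10 53 to any in recv vr0
00405  0    0 allow udp from 198.235.216.112 53 to any in recv vr0
00406  0    0 allow udp from 209.197.128.2 53 to any in recv vr0
00407  0    0 allow udp from 209.197.128.5 53 to any in recv vr0
00409 20 1260 allow udp from any to any out
65535 21 4059 deny ip from any to any
"""

Rule = namedtuple("Rule", "number packets bytes action body")
LINE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")

def parse_listing(text):
    """Parse counter lines, tolerating '> ' e-mail quoting; skip anything else."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.lstrip("> ").strip())
        if m:
            rules.append(Rule(*map(int, m.group(1, 2, 3)), *m.group(4, 5)))
    return rules

def rules_with_hits(rules):
    """Rules whose packet counter is non-zero, i.e. rules that matched traffic."""
    return [r for r in rules if r.packets > 0]

def packets_by_action(rules):
    """Total packets counted per action (allow, deny, check-state)."""
    totals = {}
    for r in rules:
        totals[r.action] = totals.get(r.action, 0) + r.packets
    return totals

if __name__ == "__main__":
    for r in rules_with_hits(parse_listing(LISTING)):
        print(f"{r.number:05d} {r.packets:>3} pkts {r.bytes:>5} bytes  {r.action} {r.body}")
```

On this listing only rules 00409 and 65535 show non-zero counters; the three loopback rules have counted no packets.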
