From: Jack Barnett
Date: Fri, 02 Nov 2007 14:45:27 -0500
To: jackbarnett@gmail.com
Cc: Bob Hall, Freebsd questions
Subject: Re: IPFW Rules and Games
Message-ID: <472B7E57.8050003@gmail.com>
In-Reply-To: <472B7DDB.7040606@gmail.com>
References: <472AF4FF.9000803@gmail.com> <20071102191207.GA79177@kongemord.krig.net> <472B7DDB.7040606@gmail.com>

Jack Barnett wrote:
> Bob Hall wrote:
>> On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
>>> I added this for a temporary fix:
>>>
>>>     ${fwcmd} add pass all from any to any
>>>
>>> I don't think that is the right answer; That allows too much in?
>>
>> Yes.
>>
>>> I've tried these per the docs:
>>>
>>>     ${fwcmd} add allow all from any to any out via {$iip} setup
>>>     ${fwcmd} add allow all from any to any out via {$iip} established
>>>     ${fwcmd} add allow all from any to any in via {$iip} established
>>>
>>> and also a bunch of others; but none of them worked.
>>
>> Try oip instead of iip. iip is your internal IP address, so anything
>> going out from iip is going to your lan, and anything coming in to iip
>> is coming from your lan. You want to control packets communicating with
>> the outside world, so you want to control them at oip.
>
> Sorry, that didn't work.
>
> I also tried this:
>
>     ${fwcmd} add allow tcp from any to any via ${oip} setup
>     ${fwcmd} add allow udp from any to any via ${oip} setup
>     ${fwcmd} add allow tcp from any to any via ${oip} established
>     ${fwcmd} add allow udp from any to any via ${oip} established
>
> That also blocks it. :(

Even tried this and still doesn't work.

    ${fwcmd} add allow tcp from any to any via ${oip}
    ${fwcmd} add allow udp from any to any via ${oip}
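
The rules quoted in this thread can be checked mechanically before they are loaded. The sketch below is an added example, not part of the original thread and not FreeBSD's own code; `lint_rule` and its finding tags are hypothetical names. It flags three things visible in the quoted rules: an unqualified allow-all rule, `setup`/`established` (which test TCP flags) on a rule whose protocol is not TCP, and `{$var}` written where `${var}` was meant.

```shell
#!/bin/sh
# Added example: lint one rc.firewall-style rule line as written in the
# script, i.e. before the shell expands ${fwcmd}, ${oip} and friends.
# Prints one finding per line; prints nothing for a rule with no findings.
lint_rule() {
    line=$1
    body=${line#*add }               # drop the "${fwcmd} add " prefix
    set -f; set -- $body; set +f     # split into words without globbing
    action=$1; proto=$2

    # {$iip} expands to "{" + value + "}", which is not an address or interface.
    case $line in
        *'{$'*) echo 'brace-typo: {$var} leaves literal braces around the value; write ${var}' ;;
    esac

    # setup and established inspect TCP flags, so they only ever match TCP.
    case " $body " in
        *' setup '*|*' established '*)
            case $proto in
                tcp) ;;
                all|ip) echo 'tcp-only-option: setup/established test TCP flags, so only TCP matches' ;;
                *) echo "never-matches: setup/established test TCP flags; $proto has none" ;;
            esac ;;
    esac

    # An allow action with no interface, direction or state qualifier.
    case $action in allow|pass|permit|accept)
        case ${body#* } in
            'all from any to any'|'ip from any to any')
                echo 'wide-open: passes every packet in both directions on every interface' ;;
        esac ;;
    esac
    return 0
}

# Rules copied from the thread as written (quoted heredoc: nothing expands).
while IFS= read -r r; do
    printf '%s\n' "$r"
    lint_rule "$r" | sed 's/^/    /'
done <<'EOF'
${fwcmd} add pass all from any to any
${fwcmd} add allow all from any to any out via {$iip} setup
${fwcmd} add allow udp from any to any via ${oip} established
${fwcmd} add allow tcp from any to any via ${oip} setup
EOF
```
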