Date:      Wed, 10 Jul 2002 19:58:32 +0200
From:      Alex <freebsd-reply@akruijff.dds.nl>
To:        Bogdan TARU <bgd@icomag.de>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: ipfilter
Message-ID:  <8628588548.20020710195832@dds.nl>
In-Reply-To: <20020710145242.S89586-100000@fw.cgn.icom>
References:  <20020710145242.S89586-100000@fw.cgn.icom>


Hello/Beste Bogdan,

Wednesday, July 10, 2002, 2:55:45 PM, you wrote:


BT>         Hi,

BT>  I have the following problem on a FreeBSD 4.6 machine: compiled the
BT> kernel with the following options:

BT> options         IPFIREWALL              #firewall
BT> options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
BT> options         IPFIREWALL_FORWARD      #enable transparent proxy support
BT> options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
BT> options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
BT> options         IPDIVERT                #divert sockets
BT> options         IPFILTER                #ipfilter support
BT> options         IPFILTER_LOG            #ipfilter logging

BT>  rebooted that kernel, and tried:

BT> (14:57) root@(bgd)[~] ipf -E
BT> IP Filter: already initialized
BT> (14:58) root@(bgd)[~] ipf block in all from any to any
BT> (14:58) root@(bgd)[~] ipfstat -i
BT> empty list for ipfilter(in)
BT> (14:58) root@(bgd)[~] ipfstat -o
BT> empty list for ipfilter(out)


BT>  Why are the rules still empty? Of course, I am able to ping/whatever all
BT> the machines from the exterior, and the same with my machine.

BT>  What am I doing wrong?

BT>  Some more info:

BT> (14:58) root@(bgd)[~] uname -a
BT> FreeBSD bgd.icomag.de 4.6-RELEASE FreeBSD 4.6-RELEASE #3: Wed Jul 10 14:42:21 CEST 2002     root@bgd.icomag.de:/usr/src/sys/compile/bgd  i386
BT> (14:59) root@(bgd)[~] ipf -V
BT> ipf: IP Filter: v3.4.27 (336)
BT> Kernel: IP Filter: v3.4.27
BT> Running: yes
BT> Log Flags: 0 = none set
BT> Default: pass all, Logging: available
BT> Active list: 0

BT>  Thank you,
BT>  bogdan


You have to place the rules in the file /etc/ipf.rules and you have to
modify your rc.conf to load these and start the firewall. I notice that
you have two firewalls, ipfw and ipf.

-- 
Best regards/Met vriendelijke groet,
Alex
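
The setup described in the reply above, as an added example that is not part of the original message: a shell check that an rc.conf will load IP Filter rules at boot and that flags ipfw being enabled alongside ipf. It assumes FreeBSD's standard rc.conf knobs ipfilter_enable, ipfilter_rules and firewall_enable; the function names rc_val, check_ipf_boot and demo are hypothetical, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: verify that rc.conf loads IP Filter rules from a file.
# To load a rules file by hand: ipf -Fa -f /etc/ipf.rules

# rc_val FILE VAR DEFAULT: rc.conf is plain sh, so evaluate it in a subshell
# and print VAR, or DEFAULT when the file does not set it.
rc_val() {
    case $1 in */*) f=$1 ;; *) f=./$1 ;; esac
    ( . "$f"; eval "printf '%s\n' \"\${$2:-$3}\"" )
}

# check_ipf_boot RC_CONF: print one finding per line; no output means OK.
check_ipf_boot() {
    ipf_on=$(rc_val "$1" ipfilter_enable NO)
    ipfw_on=$(rc_val "$1" firewall_enable NO)
    # /etc/ipf.rules is the path named in the reply; used when none is set.
    rules=$(rc_val "$1" ipfilter_rules /etc/ipf.rules)

    case $ipf_on in
        [Yy][Ee][Ss]) ;;
        *) echo "ipfilter_enable is not YES: rules are not loaded at boot" ;;
    esac
    if [ ! -s "$rules" ]; then
        echo "rules file $rules is missing or empty"
    elif ! grep -Eq '^[[:space:]]*(block|pass)[[:space:]]' "$rules"; then
        echo "rules file $rules contains no block/pass rule"
    fi
    case $ipfw_on in
        [Yy][Ee][Ss]) echo "firewall_enable=YES: ipfw is active alongside ipf" ;;
    esac
}

# Constructed sample: ipf enabled but no rules file, and ipfw enabled too.
demo() {
    d=$(mktemp -d)
    printf 'firewall_enable="YES"\nipfilter_enable="YES"\n' > "$d/rc.conf"
    printf 'ipfilter_rules="%s/ipf.rules"\n' "$d" >> "$d/rc.conf"
    check_ipf_boot "$d/rc.conf"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the findings for the constructed sample, or call `check_ipf_boot /etc/rc.conf` on the host itself.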

