From owner-freebsd-hackers Wed Jul 10 10:58:55 2002
Date: Wed, 10 Jul 2002 19:58:32 +0200
From: Alex
Message-ID: <8628588548.20020710195832@dds.nl>
To: Bogdan TARU
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: ipfilter
In-Reply-To: <20020710145242.S89586-100000@fw.cgn.icom>
References: <20020710145242.S89586-100000@fw.cgn.icom>

Hello/Beste Bogdan,

Wednesday, July 10, 2002, 2:55:45 PM, you wrote:

BT> Hi,

BT> I have the following problem on a FreeBSD 4.6 machine: compiled the
BT> kernel with the following options:

BT> options IPFIREWALL #firewall
BT> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
BT> options IPFIREWALL_FORWARD #enable transparent proxy support
BT> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
BT> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
BT> options IPDIVERT #divert sockets
BT> options IPFILTER #ipfilter support
BT> options IPFILTER_LOG #ipfilter logging

BT> rebooted that kernel, and tried:

BT> (14:57) root@(bgd)[~] ipf -E
BT> IP Filter: already initialized
BT> (14:58) root@(bgd)[~] ipf block in all from any to any
BT> (14:58) root@(bgd)[~] ipfstat -i
BT> empty list for ipfilter(in)
BT> (14:58) root@(bgd)[~] ipfstat -o
BT> empty list for ipfilter(out)

BT> Why are the rules still empty? Of course, I am able to ping/whatever all
BT> the machines from the exterior, and the same with my machine.

BT> What am I doing wrong?

BT> Some more info:

BT> (14:58) root@(bgd)[~] uname -a
BT> FreeBSD bgd.icomag.de 4.6-RELEASE FreeBSD 4.6-RELEASE #3: Wed Jul 10 14:42:21 CEST 2002 root@bgd.icomag.de:/usr/src/sys/compile/bgd i386
BT> (14:59) root@(bgd)[~] ipf -V
BT> ipf: IP Filter: v3.4.27 (336)
BT> Kernel: IP Filter: v3.4.27
BT> Running: yes
BT> Log Flags: 0 = none set
BT> Default: pass all, Logging: available
BT> Active list: 0

BT> Thank you,
BT> bogdan

You have to place the rules in the file /etc/ipf.rules and you have to
modify your rc.conf to load these and start the firewall.

I notice that you have two firewalls, ipfw and ipf.

--
Best regards/Met vriendelijke groet,
Alex
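
The setup the reply describes, as an added example that is not part of the original message: a small check that rc.conf enables ipf, that the rules file it names exists and holds at least one rule, and that flags ipfw rules being loaded alongside ipf. The rc.conf variables `ipfilter_enable`, `ipfilter_rules` and `firewall_enable` are FreeBSD's own; the function names, the ROOT staging argument and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: will FreeBSD's rc scripts load ipf rules at boot?
# rc.conf knobs checked: ipfilter_enable, ipfilter_rules, firewall_enable (ipfw).
# By hand, rules are loaded from a file: ipf -Fa -f /etc/ipf.rules ; ipfstat -io

# Print the value of rc.conf variable VAR (last assignment wins, quotes stripped).
rc_get() {  # rc_get FILE VAR
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print one line per finding; return 0 when there are none. ROOT prefixes the
# rules path so a staged copy of /etc can be checked (assumption for testing).
ipf_boot_check() {  # ipf_boot_check RC_CONF [ROOT]
    bad=0
    if [ "$(rc_get "$1" ipfilter_enable | tr a-z A-Z)" != YES ]; then
        echo "ipfilter_enable is not YES: rules file is never loaded"; bad=1
    fi
    rules=$(rc_get "$1" ipfilter_rules)
    rules=${2:-}${rules:-/etc/ipf.rules}
    if [ ! -r "$rules" ]; then
        echo "rules file $rules is missing or unreadable"; bad=1
    elif ! grep -Eqv '^[[:space:]]*(#|$)' "$rules"; then
        echo "rules file $rules contains no rules"; bad=1
    fi
    if [ "$(rc_get "$1" firewall_enable | tr a-z A-Z)" = YES ]; then
        echo "firewall_enable is YES: ipfw rules are loaded as well as ipf rules"; bad=1
    fi
    return $bad
}

# Constructed sample: the two files the reply refers to, staged under DIR.
make_sample() {  # make_sample DIR
    mkdir -p "$1/etc"
    printf '%s\n' 'ipfilter_enable="YES"' \
        'ipfilter_rules="/etc/ipf.rules"' > "$1/rc.conf"
    printf '%s\n' '# constructed sample rule set' 'block in all' > "$1/etc/ipf.rules"
}

d=$(mktemp -d)
make_sample "$d"
ipf_boot_check "$d/rc.conf" "$d" && echo "ok: rules will be loaded at boot"
rm -rf "$d"
```

On a live system the call is `ipf_boot_check /etc/rc.conf`, followed by `ipfstat -io` after the rules are loaded to confirm the lists are no longer empty.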