From: "Rob B"
To: "freebsd-stable"
Cc: "freebsd-alpha"
Subject: ipfw troubles
Date: Thu, 5 Dec 2002 08:49:05 +1100

Recently compiled a new kernel for my Multia to do some firewalling.
Now, when trying to show the current rules, I get this:

    [root@doormat]/root: ipfw list
    00000 ip from any to any [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 ^C

Relevant kernel options are as follows:

    options ICMP_BANDLIM                  #Rate limit bad replies
    options RANDOM_IP_ID                  #See ../../i386/conf/LINT
    options IPFIREWALL                    #firewall
    options IPFIREWALL_VERBOSE            #enable logging to syslogd(8)
    options IPFIREWALL_FORWARD            #enable transparent proxy support
    options IPFIREWALL_VERBOSE_LIMIT=500  #limit verbosity
    options IPDIVERT                      #Divert sockets
    options DUMMYNET                      #Bandwidth limiter
    options HZ=200

/etc/rc.conf has

    firewall_enable="YES"
    firewall_type=OPEN

I'm currently only able to access the box from serial console, and
/var/log/ipfw.today shows:

    00300 0 0 deny ip from 127.0.0.0:255.0.0.0 to anymber6.loop.bpa.nu
    65535 0 0 deny ip from any to any

Any thoughts?

cheers,
Rob

--
"Teaching should be such that what is offered is perceived as a valuable
gift and not as a hard duty." - Albert Einstein

This is quote 76 of 1254.