Date:      Sun, 23 Aug 1998 21:57:05 -0700 (PDT)
From:      William Woods <wwoods@cybcon.com>
To:        FreebSD Current <freebsd-current@FreeBSD.ORG>
Subject:   Firewall Rules are weird.....look at this...in current....
Message-ID:  <XFMail.980823215705.wwoods@cybcon.com>

Date: Sun, 23 Aug 1998 21:42:39 -0700 (PDT)
From: William Woods <wwoods@cybcon.com>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Firewall Rules are weird.....look at this...

I just compiled todays cvsup of current and all is fine except this. Here is a
portion of my firewall rules:

-------------------------------------
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any

There are about 10 more occurrences of the 00000 rules.....
--------------------------------

Where do all those 00000 rules come from?? Here is a snip of my kernel
configuration as pertaining to the firewall:

# Firewall
options         "TCP_COMPAT_42"         #emulate 4.2BSD TCP bugs
options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
                                        # dropped packets
options         IPFIREWALL_FORWARD      #enable xparent proxy support
options         "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options         IPDIVERT                #divert sockets
options         IPFILTER                #kernel ipfilter support
options         IPFILTER_LOG            #ipfilter logging
#options        IPFILTER_LKM            #kernel support for ip_fil.o LKM
options         TCPDEBUG
------------------------------------
And here is the rc.conf as pertains to firewalls:

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
------------------------------------------------

And here is the portion of rc.firewall I use....

# Only in rare cases do you want to change these rules
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8


# Prototype setups.
if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then

        $fwcmd add 65000 pass all from any to any

elif [ "${firewall_type}" = "client" ]; then
---------------------------------

The firewall actually works and blocks ports when I add them; I am just unnerved
by all those 00000 rules.....any ideas?

---------------------
William Woods <wwoods@cybcon.com> 
Date: 23-Aug-98 / Time: 21:42:39
goto to: http//www.freebsd.org. 
--> FreeBSD 3.0 CURRENT <--


--------------End of forwarded message-------------------------


---------------------
William Woods <wwoods@cybcon.com> 
Date: 23-Aug-98 / Time: 21:56:28
goto to: http//www.freebsd.org. 
--> FreeBSD 3.0 CURRENT <--

