From owner-freebsd-current Sun Aug 23 22:39:18 1998
Date: Sun, 23 Aug 1998 21:57:05 -0700 (PDT)
Reply-To: wwoods@cybcon.com
From: William Woods
To: FreebSD Current
Subject: Firewall Rules are weird.....look at this...in current....
Sender: owner-freebsd-current@FreeBSD.ORG

Date: Sun, 23 Aug 1998 21:42:39 -0700 (PDT)
From: William Woods
To: FreeBSD Questions
Subject: Firewall Rules are weird.....look at this...

I just compiled today's cvsup of current and all is fine except this.

Here is a portion of my firewall rules:

-------------------------------------
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any

There are about 10 more occurrences of the 00000 rules.....
--------------------------------

Where do all those 00000 rules come from??

Here is a snip of my kernel configuration as pertaining to the firewall:

# Firewall
options         "TCP_COMPAT_42"         #emulate 4.2BSD TCP bugs
options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
                                        # dropped packets
options         IPFIREWALL_FORWARD      #enable xparent proxy support
options         "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options         IPDIVERT                #divert sockets
options         IPFILTER                #kernel ipfilter support
options         IPFILTER_LOG            #ipfilter logging
#options        IPFILTER_LKM            #kernel support for ip_fil.o LKM
options         TCPDEBUG

------------------------------------

And here is the rc.conf as pertains to firewalls:

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display

------------------------------------------------

And here is the portion of rc.firewall I use....

# Only in rare cases do you want to change these rules
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8

# Prototype setups.
if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then

        $fwcmd add 65000 pass all from any to any

elif [ "${firewall_type}" = "client" ]; then

---------------------------------

The firewall actually works, blocks ports when I add them, I am just unnerved
by all those 00000 rules.....any ideas?

---------------------
William Woods
Date: 23-Aug-98 / Time: 21:42:39
goto to: http//www.freebsd.org.
--> FreeBSD 3.0 CURRENT <--

--------------End of forwarded message-------------------------

---------------------
William Woods
Date: 23-Aug-98 / Time: 21:56:28
goto to: http//www.freebsd.org.
--> FreeBSD 3.0 CURRENT <--
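
Added example, not part of the original message: a small sh/awk check that reads an `ipfw list`-style listing on stdin and reports the kind of inconsistency shown above. It assumes one rule per line with the rule number in the first field, and that a consistent listing ascends and ends with the default rule 65535; the function names and the shortened sample are constructed for illustration.

```shell
#!/bin/sh
# Sanity-check an `ipfw list`-style listing read from stdin.
# Assumptions: rule number is the first field; a healthy listing is in
# ascending order and its last entry is the default rule 65535.

check_ipfw_listing() {
    awk '
        $1 !~ /^[0-9]+$/ { next }                 # skip separators and prose
        {
            n = $1 + 0
            if (n == 0)            zero++         # user rules are numbered 1..65535
            if (seen && n < prev)  backwards++    # listing should never descend
            if (past_default)      trailing++     # nothing should follow 65535
            if (n == 65535)        past_default = 1
            prev = n; seen = 1; total++
        }
        END {
            printf "rules=%d zero=%d out_of_order=%d after_default=%d\n",
                   total, zero, backwards, trailing
            exit (zero || backwards || trailing) ? 1 : 0
        }'
}

# Constructed sample modelled on the listing in the message
# (only three of the 00000 entries are kept).
sample_listing() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
00000 deny ip from any to any
EOF
}

sample_listing | check_ipfw_listing || echo "listing is inconsistent"
```

On a live system the same function can be fed from `ipfw list | check_ipfw_listing`; a non-zero exit status means the listing does not match the ruleset the scripts were supposed to load.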