From owner-freebsd-current Thu Jun 27 23:37:37 1996
From: R Bezuidenhout
Message-Id: <199606280636.IAA24844@zibbi.mikom.csir.co.za>
Subject: Re: IPFW bugs?
To: nate@mt.sri.com (Nate Williams)
Date: Fri, 28 Jun 1996 08:36:28 +0200 (SAT)
Cc: nate@mt.sri.com, phk@FreeBSD.ORG, current@FreeBSD.ORG
In-Reply-To: <199606280606.AAA13890@rocky.mt.sri.com> from Nate Williams at "Jun 28, 96 00:06:54 am"

Hi all

> > > Add "log" to all rules and see which number lets you through.
> >
> > Ahh, I didn't realize you could 'log' accept rules.  I'll do that.
>
> OK, here's the rule that lets *EVERYTHING* through.
>
> # Should be allowing DNS through, which can be either UDP/TCP
> ipfw add 21 pass log all from any 53 to any via $1

I tried this rule because I haven't seen anything like this before ...

duzi# ipfw list
FireWall chain entries: 128 0
65000 accept all from any to any
65535 deny all from any to any
duzi# ipfw add 21 pass log all from any 53 to any via ed0
00021 accept log all from any 53 to any via ed0
duzi# ipfw list
FireWall chain entries: 192 0
00021 accept log all from any 53 to any via ed0
65000 accept all from any to any
65535 deny all from any to any
duzi# ipfw delete 65000

Connection gone .....

According to this .. it is "seems" :) impossible that rule 21 can cause
*EVERYTHING* to go through !

Another thing .. if you are able to delete the default rule then you do
not "I think" :) have the latest ipfw, user level and kernel.

Are you 0.0.0.0/0 instead of all ???

Bye

>
> But, I get icmp packets, telnet, ftp, etc...
>
> Somehow the '53' port isn't being used at all.
>
>
> Nate
> --

########################################################################
#                                                                      #
#  Reinier Bezuidenhout         Company: Mikomtek CSIR, ZA             #
#                                                                      #
#  Network Engineer - NetSec development team                          #
#                                                                      #
#  Current Projects: NetSec - Secure Platform firewall system          #
#                    http://www.mikom.csir.co.za                       #
#                                                                      #
#  E-mail: rbezuide@mikom.csir.co.za                                   #
#                                                                      #
########################################################################
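The chain listing above can be checked mechanically. The following is an added example, not code from the thread or from ipfw itself: a small first-match simulator that parses only the 1996-era rule syntax subset visible in the message (an assumption about the grammar) and runs constructed packets through the chain, before and after the `ipfw delete 65000` step. It also treats `0.0.0.0/0` the same as `all`/`any`, which is the question raised in the reply.

```python
import ipaddress

# Parser for the 1996-era ipfw syntax subset visible in the thread (an assumption):
#   <num> <accept|pass|deny> [log] <proto> from <any|CIDR> [port] to <any|CIDR> [port] [via <iface>]
def parse_rule(line):
    t = line.split()
    r = {"num": int(t[0]), "action": t[1], "log": t[2] == "log"}
    i = 3 if r["log"] else 2
    r["proto"], i = t[i], i + 1
    for side, kw in (("src", "from"), ("dst", "to")):
        assert t[i] == kw, line
        r[side], i = t[i + 1], i + 2
        r[side + "port"] = None
        if i < len(t) and t[i].isdigit():          # port only present when the rule names one
            r[side + "port"], i = int(t[i]), i + 1
    r["iface"] = t[i + 1] if i < len(t) and t[i] == "via" else None
    return r

def addr_matches(spec, addr):
    # "any" and "0.0.0.0/0" both match every IPv4 address
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def rule_matches(r, pkt):
    if r["proto"] not in ("all", "ip", pkt["proto"]):
        return False
    if r["iface"] is not None and r["iface"] != pkt["iface"]:
        return False
    for side in ("src", "dst"):
        want = r[side + "port"]
        if not addr_matches(r[side], pkt[side]) or (want is not None and want != pkt[side[0] + "port"]):
            return False
    return True

def evaluate(rules, pkt):
    """ipfw semantics: lowest-numbered matching rule wins; returns (rule number, verdict)."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if rule_matches(r, pkt):
            return r["num"], "accept" if r["action"] in ("accept", "pass") else "deny"
    return None, "deny"

# The chain exactly as 'ipfw list' shows it in the message
CHAIN = [parse_rule(l) for l in (
    "00021 accept log all from any 53 to any via ed0",
    "65000 accept all from any to any",
    "65535 deny all from any to any")]
# Constructed packets (not from the thread): a DNS reply and an inbound telnet SYN, both via ed0
DNS_REPLY = dict(proto="udp", src="192.0.2.53", sport=53, dst="192.0.2.10", dport=1025, iface="ed0")
TELNET = dict(proto="tcp", src="192.0.2.7", sport=40000, dst="192.0.2.10", dport=23, iface="ed0")
```

With rule 65000 present the telnet packet is accepted by 65000, not by 21; with 65000 deleted it falls through to the 65535 deny, while the DNS reply still matches 21 only because its source port is 53.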