Date: Fri, 28 Jun 1996 09:03:08 +0200 (SAT)
From: R Bezuidenhout <rbezuide@mikom.csir.co.za>
To: phk@FreeBSD.org (Poul-Henning Kamp)
Cc: nate@mt.sri.com, current@FreeBSD.org, alex@FreeBSD.org
Subject: Re: IPFW bugs?
Message-ID: <199606280703.JAA25313@zibbi.mikom.csir.co.za>
In-Reply-To: <4616.835943754@critter.tfs.com> from Poul-Henning Kamp at "Jun 27, 96 11:35:54 pm"

Hi there ...

> In message <199606280606.AAA13890@rocky.mt.sri.com>, Nate Williams writes:
> >> > Add "log" to all rules and see which number lets you through.
> >>
> >> Ahh, I didn't realize you could 'log' accept rules.  I'll do that.
> >
> >OK, here's the rule that lets *EVERYTHING* through.
> >
> ># Should be allowing DNS through, which can be either UDP/TCP
> >ipfw add 21 pass log all from any 53 to any via $1
>
> Yes, (I just talk(1)'ed Nate).  The current implementation doesn't complain
> about "over-specified" rules.  The port number isn't used with "all" as
> protocol.
>
> ipfw and the kernel should both complain about such a rule being set.

Yes .. this is true ... according to my previous mail I tried this but
somehow ... well ... on the wrong interface :)

Sorry for that! I guess I would qualify for some kind of "HAT" or something
likewise :)

Reinier

--
########################################################################
#                                                                      #
#  Reinier Bezuidenhout            Company: Mikomtek CSIR, ZA          #
#                                                                      #
#  Network Engineer - NetSec development team                          #
#                                                                      #
#  Current Projects: NetSec - Secure Platform firewall system          #
#                    http://www.mikom.csir.co.za                       #
#                                                                      #
#  E-mail: rbezuide@mikom.csir.co.za                                   #
#                                                                      #
########################################################################
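
The over-specified rule discussed in this message, caught before it is loaded, as an added example that is not part of the original e-mail or of ipfw itself. It assumes a simplified rule grammar (`add [num] action [log] proto from SRC [ports] to DST [ports] [options]`); the function names, the `udp` comparison rule and the interface name `ed0` are constructed for illustration.

```python
# Added example: warn when an ipfw rule gives port numbers with a protocol
# that has no ports ("all"/"ip"), so the ports are ignored and the rule
# matches far more traffic than intended.
# Assumption: simplified grammar, plain addresses such as "any" or "10.0.0.0/8".
PORTLESS_PROTOS = {"all", "ip"}
OPTION_WORDS = {"via", "in", "out", "setup", "established", "frag"}


def _ports_after(tokens, addr_index):
    """Collect tokens that follow the address until 'to' or an option keyword."""
    ports = []
    for tok in tokens[addr_index + 1:]:
        if tok == "to" or tok in OPTION_WORDS:
            break
        ports.append(tok)
    return ports


def check_rule(rule):
    """Return a list of warnings for one rule line (empty list if it is fine)."""
    tokens = rule.split("#", 1)[0].split()      # drop trailing shell comment
    if "from" not in tokens or "to" not in tokens:
        return []
    f, t = tokens.index("from"), tokens.index("to")
    if f == 0 or t < f:
        return []
    proto = tokens[f - 1]                       # protocol precedes "from"
    if proto not in PORTLESS_PROTOS:
        return []
    warnings = []
    for side, addr_index in (("source", f + 1), ("destination", t + 1)):
        if addr_index < len(tokens):
            ports = _ports_after(tokens, addr_index)
            if ports:
                warnings.append(
                    f"{side} port(s) {' '.join(ports)} ignored with protocol '{proto}'"
                )
    return warnings


if __name__ == "__main__":
    rules = [
        "ipfw add 21 pass log all from any 53 to any via $1",   # rule from the message
        "ipfw add 21 pass log udp from any 53 to any via ed0",  # constructed comparison
    ]
    for r in rules:
        print(r, "->", check_rule(r) or "ok")
```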