Date: Tue, 19 Oct 1999 21:11:33 -0400 (EDT)
From: matt
To: FreeBSD-STABLE
Subject: ipfw rule wrong in rc.firewall(?)

Hello,

I don't know if this is what I think it is, but it sure took me back a little bit. Please note that I may be totally wrong, but here is what I experienced on *MY* two FreeBSD 3.3-STABLE machines:

IPFW rules for DNS udp like this:

    ipfw -q add allow udp from any 53 to 209.104.122.0/24

..... much later on .....

    ipfw -q add deny udp from any to 209.104.122.0/24

Now this udp allow for dns comes straight from /usr/src/etc/rc.firewall.

<--- quote
    # Allow DNS queries out in the world
    $fwcmd add pass udp from any 53 to ${ip}
    $fwcmd add pass udp from ${ip} to any 53
end quote --->

This totally broke anyone else being able to look up domains served by my nameservers; a thought meant doing this:

    ipfw -q add allow udp from any to 209.104.122.0/24 53

Which worked perfectly fine.

I have not taken the time to dig into the problem, I haven't slept, and am quite too tired to do this tonight. I am reporting what I saw on my machine with the example not working. This is probably just a matter of updating the example rc.firewall? I'll leave it to the big boys to decide.

Thanks.

Matt

--
"If the primates that we came from had known that someday politicians would come out of the...the gene pool, they'd a stayed up in the trees and written evolution off as a bad idea. Hell, I always thought the opposable thumb was overrated." -Sheridan, "A Distant Star"
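An added example, not part of the original message or of rc.firewall: a minimal first-match evaluator in Python that runs the rules quoted above against a DNS reply and an inbound DNS query, showing which rule decides each packet. The packet addresses and ports are constructed, the rule model covers only UDP address and port matching, and placing the extra rule ahead of the deny is an assumption about rule order.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
NET = "209.104.122.0/24"  # network used in the message

def addr_ok(spec, addr):
    """'any' is a wildcard; otherwise addr must fall inside the CIDR block."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    """None means no port was given in the rule, so any port matches."""
    return spec is None or spec == port

def evaluate(rules, pkt, default="deny"):
    """Return (action, rule index) of the first matching rule.
    The fall-through default of 'deny' is an assumption of this sketch."""
    for i, (action, src, sport, dst, dport) in enumerate(rules):
        if (addr_ok(src, pkt.src) and port_ok(sport, pkt.sport)
                and addr_ok(dst, pkt.dst) and port_ok(dport, pkt.dport)):
            return action, i
    return default, None

# Rules as posted: (action, src, src port, dst, dst port)
POSTED = [
    ("allow", "any", 53, NET, None),    # allow udp from any 53 to NET
    ("deny", "any", None, NET, None),   # deny udp from any to NET
]
# Same set with the rule from the message inserted before the deny.
FIXED = [
    POSTED[0],
    ("allow", "any", None, NET, 53),    # allow udp from any to NET 53
    POSTED[1],
]

# Constructed packets (198.51.100.7 is a documentation address).
REPLY = Packet("198.51.100.7", 53, "209.104.122.2", 33000)  # answer to our own lookup
QUERY = Packet("198.51.100.7", 33000, "209.104.122.2", 53)  # outsider asking our nameserver

def verdicts():
    """Action taken for each packet under each rule set."""
    return {
        ("posted", "reply"): evaluate(POSTED, REPLY)[0],
        ("posted", "query"): evaluate(POSTED, QUERY)[0],
        ("fixed", "reply"): evaluate(FIXED, REPLY)[0],
        ("fixed", "query"): evaluate(FIXED, QUERY)[0],
    }

if __name__ == "__main__":
    for key, action in verdicts().items():
        print(key, action)
```

The quoted rc.firewall rule matches on source port 53, which is what a reply to an outgoing lookup carries; a query arriving at a nameserver has port 53 as its destination, so it falls through to the deny.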