From owner-freebsd-questions Tue Sep 23 14:34:09 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA06758 for questions-outgoing; Tue, 23 Sep 1997 14:34:09 -0700 (PDT)
Received: from roguetrader.com (brandon@cold.org [206.81.134.103]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA06753 for ; Tue, 23 Sep 1997 14:34:07 -0700 (PDT)
Received: from localhost (brandon@localhost) by roguetrader.com (8.8.5/8.8.5) with SMTP id PAA01746 for ; Tue, 23 Sep 1997 15:34:50 -0600 (MDT)
Date: Tue, 23 Sep 1997 15:34:50 -0600 (MDT)
From: Brandon Gillespie
To: freebsd-questions@freebsd.org
Subject: Using 'ipfw' but still allowing access to the net devices..
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Just curious, how do I use 'ipfw' AND a routing daemon? I need my 'firewall' to also talk some routing protocol (any protocol, RIP if need be), but when I run routed or gated I get permission denied, because ipfw isn't allowing it on the local machines. If I add the rule:

    ipfw add 65000 pass all from any to any

and then start up the routing daemon (either routed or gated) it works FINE, but that is really not a rule I want to keep around. What rule would I add to allow routed/gated to work, but still keep everything else locked down? At the very least, what rule could I add to allow access from the devices to THAT MACHINE, rather than simply forwarding them to another device--I can always disable all network services on the machine (perhaps leaving sshd and that's it).

-Brandon Gillespie
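One way to answer the question above, as an added example that is not part of the original message: an sh script that replaces the blanket rule 65000 with ipfw rules admitting only RIP (UDP port 520) and ssh to the firewall host itself, so the kernel's default deny still covers everything else. The interface name ed0 and the addresses 192.0.2.1 and 192.0.2.255 are placeholders (assumptions); the script only applies rules when run as root on a host that has ipfw, and `rip_rules echo` prints the rule set for review without touching the kernel.

```shell
#!/bin/sh
# Added example, not code from the original post. Narrow replacement for
# "ipfw add 65000 pass all from any to any": admit RIP (UDP/520) to the
# firewall host and keep the default deny (rule 65535) for everything else.
#
# Assumptions (placeholders, not from the post):
#   ed0         - the interior interface the routing daemon speaks on
#   192.0.2.1   - the firewall's own address on ed0
#   192.0.2.255 - the directed broadcast address of that subnet
# RIPv1 (routed) sends UDP/520 to the subnet broadcast; RIPv2 (gated)
# sends to the multicast group 224.0.0.9.

IF=ed0
ME=192.0.2.1
BCAST=192.0.2.255
RIP_MCAST=224.0.0.9

# rip_rules CMD: run each rule through CMD ("ipfw" applies them,
# "echo" prints them for a dry run).
rip_rules() {
    cmd=$1
    # Drop the catch-all so the default deny applies again.
    $cmd delete 65000
    # Loopback stays open: routed and gated talk to the kernel over it.
    $cmd add 1000 pass all from 127.0.0.1 to 127.0.0.1
    # Inbound RIP updates addressed to this host, its broadcast, or the RIPv2 group.
    $cmd add 2000 pass udp from any 520 to $ME 520 via $IF
    $cmd add 2010 pass udp from any 520 to $BCAST 520 via $IF
    $cmd add 2020 pass udp from any 520 to $RIP_MCAST 520 via $IF
    # Outbound RIP updates from this host's own daemon.
    $cmd add 2100 pass udp from $ME 520 to any 520 via $IF
    # Keep remote administration reachable (both directions of the ssh session).
    $cmd add 3000 pass tcp from any to $ME 22
    $cmd add 3010 pass tcp from $ME 22 to any
    # Anything not matched above falls through to the default deny, rule 65535.
}

# Number of "add" rules the set contains, for checking a dry run.
rip_rule_count() {
    rip_rules echo | grep -c '^add '
}

# Apply for real only as root on a host that actually has ipfw.
if [ "$(id -u)" -eq 0 ] && command -v ipfw >/dev/null 2>&1; then
    rip_rules ipfw
fi
```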