Date: Wed, 20 Nov 2002 16:31:26 +0900 (JST)
From: Tod McQuillin
To: JY
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: ipfw rules loaded but never evaluated
In-Reply-To: <20021120071612.GA53898@leafy.idv.tw>
Message-ID: <20021120162921.L51294-100000@glass.pun-pun.prv>

On Wed, 20 Nov 2002, JY wrote:

> What's worse now is that I can still ssh into the host which is a 'closed' firewall and rules as:
> 0100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65535 0 0 deny ip from any to any

Do you have firewall_enable="YES" in /etc/rc.conf?

What do you get from "sysctl net.inet.ip.fw.enable" ?

-- 
Tod McQuillin
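
The two checks asked about in the reply, combined with the all-zero packet counters in the quoted rule listing, can be folded into one triage function. This is an added example, not part of the original message; the function name `ipfw_verdict`, its verdict strings and the sample rc.conf text are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). ipfw_verdict and its
# verdict strings are hypothetical names chosen for this sketch.

# Rule listing as quoted in the message: number, packets, bytes, rule body.
SAMPLE_RULES='0100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65535 0 0 deny ip from any to any'

# ipfw_verdict ENABLE RC_CONF_TEXT IPFW_SHOW_TEXT
# Prints: disabled | not-in-rc.conf | zero-counters | evaluating
ipfw_verdict() {
    enable=$1; rcconf=$2; rules=$3

    # net.inet.ip.fw.enable other than 1: packets are not passed through
    # ipfw at all, so loaded rules never match anything.
    if [ "$enable" != "1" ]; then
        echo disabled; return 0
    fi

    # An uncommented firewall_enable="YES" line is what the reply asks about.
    if ! printf '%s\n' "$rcconf" |
        grep -Eiq '^[[:space:]]*firewall_enable="?YES"?'; then
        echo not-in-rc.conf; return 0
    fi

    # Any rule with a non-zero packet counter proves rules are being evaluated.
    hit=$(printf '%s\n' "$rules" |
        awk '$2 ~ /^[0-9]+$/ && $2 > 0 { f = 1 } END { print f + 0 }')
    if [ "$hit" -eq 0 ]; then
        echo zero-counters; return 0
    fi
    echo evaluating
}

# Constructed inputs; on a live FreeBSD host use instead:
#   ipfw_verdict "$(sysctl -n net.inet.ip.fw.enable)" \
#       "$(cat /etc/rc.conf)" "$(ipfw show)"
ipfw_verdict 0 'firewall_enable="YES"' "$SAMPLE_RULES"
ipfw_verdict 1 'firewall_enable="YES"' "$SAMPLE_RULES"
```

A `zero-counters` verdict with the sysctl at 1 means the rules are active but no traffic has matched yet, which is worth rechecking after generating some test traffic.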