From: michael
Date: Tue, 04 Apr 2006 01:45:03 +0200
To: Bob Johnson
Cc: Duane Whitty, bobo1009@mailtest2.eng.ufl.edu, questions@freebsd.org
Subject: Re: ipfw dosn"t want to run a rule ???? is it possible ?

Ok, you're right, I set up the rules and all is ok, now I've two problems:

first, I think I'm resolving it...
=> I want to block MAC address, so I've found information that explains the necessary BRIDGE option in the kernel conf (so I'm compiling a new one at the moment) and later
=> ipfw add deny from any to any MAC any xx:xx:xx:xx:xx ...
will work...

second, I will block traffic like MSN or other messengers using port 80, and block sites filtering their contents, and for that I've no idea how to do that, so if someone has understood what I try to explain in English...

thanks for your help

Michael.

Bob Johnson wrote:

>On 4/1/06, michael wrote:
>
>>Thanks for your answer, your French is pretty understandable ;-)
>>
>>I'm really sorry, I haven't subscribed to this mailing list, I was
>>trying to send mail to questions@freebsd.org-fr and I've made a mistake,
>>and the second mail was for another mailing list (what happened this
>>evening ???) but if you're able to help me it's welcome.
>
>questions@freebsd.org is a mailing list
>
>>This is my problem (sorry for my bad English):
>>I've made a firewall with ipfw on a FreeBSD 6, I sent the rules (ipfw -a
>>-d -t list) and the log
>>
>>I really don't understand why the packet doesn't match the rule.
>
>Sorry I can't reply in French, but from your original posting:
>
>00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
>00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
>00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
>00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
>
>I don't think there is such a thing as a UDP "setup" packet, so a UDP
>"setup" filter will probably never match a packet. It might work as
>you expect if you removed "setup" from the UDP packet filters.
>
>- Bob
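
The point in Bob's reply can be checked mechanically; this is an added example, not part of the thread. It scans a listing laid out like the quoted one (rule number, packet count, byte count, rule body) for `setup` or `established` on a `udp` or `icmp` rule and prints the body with that option removed, as Bob suggests. The function names `sample_listing` and `lint_ipfw` and rule 00030 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): lint an ipfw listing for rules that
# pair a TCP-only option with a non-TCP protocol and so can never match.

# Constructed sample: the four rules quoted in the thread, plus rule 00030,
# which is invented here as a sane TCP rule for contrast.
sample_listing() {
    cat <<'EOF'
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
00030 12 720 allow tcp from any to any dst-port 80 out via rl0 setup keep-state
EOF
}

# Reads a listing on stdin and prints one line per finding:
#   <rule> <proto> <option> pkts=<count> fix: <rule body without the option>
lint_ipfw() {
    awk '
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        proto = ""; bad = ""; body = ""
        for (i = 4; i <= NF; i++) {
            # the protocol is the word just before "from"
            if (proto == "" && $i == "from") proto = $(i - 1)
            # setup = SYN without ACK, established = ACK or RST: TCP flags only
            if (proto != "" && ($i == "setup" || $i == "established")) {
                bad = (bad == "" ? $i : bad "," $i)
                continue    # leave the option out of the suggested body
            }
            body = (body == "" ? $i : body " " $i)
        }
        if ((proto == "udp" || proto == "icmp") && bad != "")
            printf "%s %s %s pkts=%s fix: %s\n", $1, proto, bad, $2, body
    }'
}

sample_listing | lint_ipfw
```

On a live system the same function can read `ipfw -a list` on stdin; a zero packet count on a flagged rule is consistent with the rule never matching.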