From owner-freebsd-questions@FreeBSD.ORG Tue Nov 11 04:01:23 2003
Message-ID: <01ae01c3a84b$5bb0c1b0$1100a8c0@dtg17>
From: "Simon Gray"
To: "Shawn Guillemette"
References: <006201c3a7ff$a9b227b0$6701a8c0@tacstation>
Date: Tue, 11 Nov 2003 12:00:10 -0000
Subject: Re: ipfw question

>63000 0 0 deny log logamount 100 udp from any to any 119 via sis0
>63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
>63000 0 0 deny log logamount 100 udp from any to any 135 via sis0

>63000 is the rule number correct?
>I'm wondering what the other 2 places are..
>24 and 1152

if you're getting 0 on the other rules, it probably means it's not running those rules. So therefore it won't actually log if it isn't getting to that rule.

also from the looks of things, if you're trying to block windows filesharing/smb you might want to block 135 - 139 both tcp/udp (instead of specifying 135 in the rule add '135-139') rather than just 135 tcp/udp

>Are they inbound and outbound?

well depends (could be both yes), anything that's aimed at tcp 135 will be denied and logged

>Do I make any sense?

Not really :/ what's the question?
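
Added example, not part of the original message: the quoted listing has the layout that `ipfw show` prints (rule number, packet count, byte count, rule body), so the code below parses it, reports which rules traffic has matched, and lists which tcp/udp ports in the suggested 135-139 range no deny rule covers yet. The sample lines are retyped from the message; the function names are assumptions, and only rules that list explicit destination ports are considered.

```python
import re

# Sample input: the three lines quoted in the message, in `ipfw show` layout
# (rule number, packet count, byte count, rule body).
SAMPLE = """\
63000 0 0 deny log logamount 100 udp from any to any 119 via sis0
63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
63000 0 0 deny log logamount 100 udp from any to any 135 via sis0
"""

LINE = re.compile(
    r"^(?P<num>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<action>\w+)\s+"
    r"(?:log(?:\s+logamount\s+\d+)?\s+)?(?P<proto>\w+)\s+"
    r"from\s+\S+(?:\s+[\d,-]+)?\s+to\s+\S+(?:\s+(?P<ports>[\d,-]+))?")

def expand_ports(spec):
    """Expand a port spec such as '135', '135-139' or '135,137-139'."""
    ports = set()
    for part in filter(None, (spec or "").split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(listing):
    """Return one dict per recognised rule line; other lines are skipped."""
    rules = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            rules.append({"num": int(m["num"]), "packets": int(m["pkts"]),
                          "bytes": int(m["bytes"]), "action": m["action"],
                          "proto": m["proto"],
                          "ports": expand_ports(m["ports"])})
    return rules

def matched(rules):
    """Rules whose packet counter is non-zero, i.e. that traffic has hit."""
    return [r for r in rules if r["packets"] > 0]

def uncovered(rules, lo=135, hi=139):
    """(proto, port) pairs in lo..hi that no tcp/udp deny rule lists."""
    wanted = {(p, n) for p in ("tcp", "udp") for n in range(lo, hi + 1)}
    for r in rules:
        if r["action"] == "deny":
            wanted -= {(r["proto"], n) for n in r["ports"]}
    return sorted(wanted)

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print(matched(rules), uncovered(rules))
```
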