From owner-freebsd-questions@FreeBSD.ORG Tue Nov 6 13:44:38 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC5F716A419 for ; Tue, 6 Nov 2007 13:44:38 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp4.yandex.ru (smtp4.yandex.ru [213.180.223.136]) by mx1.freebsd.org (Postfix) with ESMTP id DDC1413C4A7 for ; Tue, 6 Nov 2007 13:44:37 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from ns.kirov.so-cdu.ru ([77.72.136.145]:64964 "EHLO [127.0.0.1]" smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256 version TLSv1/SSLv3" TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S738156AbXKFNcD (ORCPT ); Tue, 6 Nov 2007 16:32:03 +0300 X-Comment: RFC 2476 MSA function at smtp4.yandex.ru logged sender identity as: bu7cher Message-ID: <47306CD0.7030301@yandex.ru> Date: Tue, 06 Nov 2007 16:32:00 +0300 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: Eric F Crist References: <473009B2.40406@yandex.ru> <4C884976-8734-4112-8520-2E30893C0BE3@secure-computing.net> In-Reply-To: <4C884976-8734-4112-8520-2E30893C0BE3@secure-computing.net> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, User Questions Subject: Re: IPFW/Divert problem... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2007 13:44:38 -0000 Eric F Crist wrote: > firewall_enable="YES" > firewall_script="/etc/ipfw.sh" > > FWIW, ipfw.sh ONLY has count rules it it. There isn't any NAT/etc going > on here. Also, IPFW was compiled with DEFAULT TO ACCEPT, since I'm not > really using it for anything other than accounting. In the your /etc/ipfw.sh script you should use "-f" flag when you run ipfw flush command. -- WBR, Andrey V. Elsukov