Date: Wed, 27 Aug 2003 14:45:51 +0200
From: Ruben de Groot
To: freebsd-questions@freebsd.org
Cc: Johan Paul, Vitali Malicky
Subject: Re: Correct syntax for ipfw to allow local traffic?
Message-ID: <20030827124551.GA56616@ei.bzerk.org>

On Wed, Aug 27, 2003 at 02:48:50PM +0300, Vitali Malicky typed:
> > Hi all,
> Hi!
>
> > I have
> > 00100 allow ip from any to any via lo0
> > in my firewall script. But although I get lines like
> >
> > silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3914
> >
> > into my messages log. It is just like the firewall although blocks local
> > traffic. What should I add or modify to allow traffic via loopback and/or
> > from and to 127.0.0.1 ?
>
> /sbin/ipfw -q add 00001 allow ip from 127.0.0.1 to 127.0.0.1 via lo0

This won't help. He already allows "any to any via lo0".
Anyway, it's not the firewall logging these "Connection attempt to" lines
to /var/log/messages. What happens here is some process tries to make a
connection on a port where no other process is listening. There can be
many reasons for this. If you don't want to see these messages anymore,
put the line

net.inet.tcp.log_in_vain=0

in /etc/sysctl.conf

Ruben

> =========
>
> I usually configure the firewall in /etc/rc.firewall.
>
> When I modify firewall rules on the remote servers I am responsible for,
> first I make a copy of rc.firewall, say, rc.firewall.new and make all
> necessary changes in _this_ file, then I run "shutdown -r +5min" and only
> after that I execute /etc/rc.firewall.new
> # /etc/rc.firewall.new nohup &
> If it's alright and I'm still there on the server I just kill the shutdown
> process, if not, the machine reboots with the old rules...
>
> Best of luck!
>
> > Regards,
> >
> > Johan Paul
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
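
Added example, not part of the original thread: a small sh/awk filter that summarises the kernel's "Connection attempt to" messages by protocol and destination and marks whether the source is a loopback address, so you can see which dead port a local process keeps trying before deciding to set net.inet.tcp.log_in_vain=0. The log lines are constructed samples (the first two follow the line quoted above) and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread): summarise log_in_vain kernel messages.
# Reads syslog lines on stdin and prints "count proto dst-ip:port origin",
# where origin is "local" when the source address is in 127.0.0.0/8.
summarize_in_vain() {
    awk '
    {
        # Locate the "Connection attempt to" phrase; the syslog prefix
        # (timestamp, host, "/kernel:") varies, so search by field.
        for (i = 1; i + 6 <= NF; i++) {
            if ($i == "Connection" && $(i+1) == "attempt" &&
                $(i+2) == "to" && $(i+5) == "from") {
                proto = $(i+3); dst = $(i+4); src = $(i+6)
                sub(/:[0-9]+$/, "", src)          # drop source port
                origin = (src ~ /^127\./) ? "local" : "remote"
                count[proto " " dst " " origin]++
                break
            }
        }
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,4
}

# Constructed sample input: hosts, ports and timestamps are made up;
# the first two lines follow the message quoted in the thread.
sample_log() {
    cat <<'EOF'
Aug 27 14:01:02 silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3914
Aug 27 14:01:07 silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3915
Aug 27 14:02:11 silakka /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112
Aug 27 14:02:30 silakka /kernel: Connection attempt to UDP 192.0.2.10:137 from 198.51.100.7:137
Aug 27 14:03:00 silakka sshd[411]: Accepted publickey for operator from 192.0.2.55
EOF
}

sample_log | summarize_in_vain
```

On a real host, feed it /var/log/messages instead of sample_log. A "local" row names the port a process on the machine itself is trying to reach, which is the case described in the reply above.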