Date: Tue, 14 Apr 1998 17:51:31 -0400 (EDT)
From: Tim Gustafson
To: Spike Gronim
cc: Dima Dorfman, fbsdqs
Subject: Re: IPFW

> My ipfwcommands script now reads:
>
> #!/bin/sh
>
> ipfw add 10000 deny tcp from localhost to panix.com
> ipfw add 10010 deny tcp from panix.com to localhost
> ipfw add allow ip from any to any
>
> and it still does not add the first two rules.

Something to keep in mind is that before your firewall rules are actually loaded, the server has no ability to look up DNS, since it doesn't have any rights to go to the outside network. Firewall rules are not just for the users of a system, but for the system as well. Try adding something like:

ipfw add 09000 allow udp from any to any 53
ipfw add 09000 allow tcp from any to any 53

tim
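Added example, not part of the original message: a small sh/awk check for the ordering problem described above, listing hostnames an ipfw script uses before any rule that opens DNS. The function name lint_ipfw_rules and both samples are constructed; it handles only the simple "ipfw add [num] action proto from SRC to DST [port]" form and treats an allow rule to port 53 (or an unrestricted "allow ip") as opening DNS, following the message's suggestion.

```shell
#!/bin/sh
# Added example: flag hostnames an ipfw script needs resolved before any rule
# that opens DNS has been added. Heuristic: names /etc/hosts could resolve are
# flagged too, and reply traffic is not modelled.
lint_ipfw_rules() {
    awk '
    function literal(a) {   # "any" or a dotted quad with optional mask
        return a == "any" || a ~ "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+([/:][0-9.]+)?$"
    }
    $1 != "ipfw" || $2 != "add" { next }
    {
        i = 3
        if ($i ~ /^[0-9]+$/) i++              # optional rule number
        action = $i; proto = $(i + 1); src = dst = dport = ""
        for (j = i + 2; j <= NF; j++) {
            if ($j == "from") src = $(j + 1)
            if ($j == "to") { dst = $(j + 1); dport = $(j + 2) }
        }
        if (!dns_open) {                      # name lookup would happen now
            if (!literal(src)) print "line " NR ": " src
            if (!literal(dst)) print "line " NR ": " dst
        }
        # Treat DNS as open after an allow rule to port 53 or an allow-all rule
        if (action == "allow" && literal(src) && literal(dst) &&
            (dport == "53" || (proto == "ip" && dport == "")))
            dns_open = 1
    }'
}

# Constructed sample: the script quoted in the message.
sample_before() {
    cat <<'EOF'
ipfw add 10000 deny tcp from localhost to panix.com
ipfw add 10010 deny tcp from panix.com to localhost
ipfw add allow ip from any to any
EOF
}
# Constructed sample: the same script with the suggested rules placed first.
sample_after() {
    cat <<'EOF'
ipfw add 09000 allow udp from any to any 53
ipfw add 09000 allow tcp from any to any 53
ipfw add 10000 deny tcp from localhost to panix.com
ipfw add 10010 deny tcp from panix.com to localhost
ipfw add allow ip from any to any
EOF
}

sample_before | lint_ipfw_rules
```

Run as written it reports four names for the quoted script; piping sample_after through the same function reports none.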