From owner-freebsd-questions Tue May 15 12:40:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from router.darlow.co.uk (pc1-bigg2-0-cust221.lut.cable.ntl.com [62.255.179.221])
    by hub.freebsd.org (Postfix) with ESMTP id 77DDB37B424
    for ; Tue, 15 May 2001 12:40:02 -0700 (PDT)
    (envelope-from neil@darlow.co.uk)
Received: from ideal.darlow.co.uk (neil@ideal.darlow.co.uk [192.168.0.3])
    by router.darlow.co.uk (8.11.1/8.11.1) with SMTP id f4FJdfL01915;
    Tue, 15 May 2001 20:39:41 +0100 (BST)
    (envelope-from neil@darlow.co.uk)
From: Neil Darlow
Date: Tue, 15 May 2001 19:39:51 GMT
Message-ID: <20010515.19395100@ideal.darlow.co.uk>
Subject: Re: dhclient-ipfw oddity
To: Dru
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To:
References:
X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 5/15/01, 7:27:44 PM, Dru wrote:
> What is the output of "ipfw show"?

-- snip --
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 192.168.0.0/24 to any in recv ed0
00400 0 0 deny ip from any to 10.0.0.0/8 via ed0
00500 0 0 deny ip from any to 172.16.0.0/12 via ed0
00600 0 0 deny ip from any to 192.168.0.0/16 via ed0
00700 0 0 deny ip from any to 0.0.0.0/8 via ed0
00800 0 0 deny ip from any to 169.254.0.0/16 via ed0
00900 0 0 deny ip from any to 192.0.2.0/24 via ed0
01000 0 0 deny ip from any to 224.0.0.0/4 via ed0
01100 0 0 deny ip from any to 240.0.0.0/4 via ed0
01200 1 328 divert 8668 ip from any to any via ed0
01300 0 0 deny ip from 10.0.0.0/8 to any via ed0
01400 0 0 deny ip from 172.16.0.0/12 to any via ed0
01500 0 0 deny ip from 192.168.0.0/16 to any via ed0
01600 0 0 deny ip from 0.0.0.0/8 to any via ed0
01700 0 0 deny ip from 169.254.0.0/16 to any via ed0
01800 0 0 deny ip from 192.0.2.0/24 to any via ed0
01900 0 0 deny ip from 224.0.0.0/4 to any via ed0
02000 0 0 deny ip from 240.0.0.0/4 to any via ed0
02100 141 9284 allow tcp from any to any established
02200 0 0 allow ip from any to any frag
02300 0 0 allow icmp from any to any
02400 0 0 allow tcp from any to any 20,21 in recv ed0 setup
02500 0 0 allow tcp from any to any 22 in recv ed0 setup
02600 0 0 allow tcp from any to any 25 in recv ed0 setup
02700 0 0 allow tcp from any to any 80 in recv ed0 setup
02800 0 0 allow tcp from any to any 113 in recv ed0 setup
02900 0 0 deny log logamount 100 tcp from any to any in recv ed0 setup
03000 0 0 allow tcp from any to any setup
03100 0 0 allow udp from any 53 to any out xmit ed0
03200 0 0 allow udp from any to any 53 in recv ed0
03300 0 0 allow udp from any 123 to any out xmit ed0
03400 0 0 allow udp from any to any 123 in recv ed0
03500 0 0 allow ip from any to any via ed1
65535 57 14421 deny ip from any to any
-- snip --

ed1 is my internal NIC. For my earlier test, rule 3600 was added to log
denied packets.

Regards,
Neil Darlow.
--
1024D/531F9048 1999-09-11 Neil Darlow
Key fingerprint = 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message