Date: Wed, 01 Oct 2003 14:14:16 -0500
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: "Andrew L. Gould" <algould@datawok.com>
Cc: Gary <gv-list-freebsdquestions@mygirlfriday.info>
Subject: Re: Firewall problem
Message-ID: <3F7B2788.8040205@daleco.biz>
In-Reply-To: <200310011329.23459.algould@datawok.com>
References: <20031001181817.21832.qmail@letric.mygirlfriday.info> <200310011329.23459.algould@datawok.com>
Andrew L. Gould wrote:

>On Wednesday 01 October 2003 01:18 pm, Gary wrote:
>
>>I have set my firewall to
>>
>>firewall_type="open"
>>firewall_enable="YES"
>>
>>and when I want to drop a specific IP, I enter it manually, it accepts it,
>>but it does not drop the packets..
>>
>>I am getting a lot of virus activity on my SMTP port 25. So I wanted to
>>drop a few IP ranges/addresses..
>>
>>00100 62054 5483792 allow ip from any to any via lo0
>>00200 0 0 deny ip from any to 127.0.0.0/8
>>00300 0 0 deny ip from 127.0.0.0/8 to any
>>65000 873327 293931424 allow ip from any to any
>>65100 0 0 deny tcp from 24.92.226.153 to any
>>65110 0 0 deny ip from 213.191.102.86 to any
>>65535 0 0 deny ip from any to any
>>
>>Yet, checking later in my SMTP logs, I am still getting pounded by the
>>listed addresses. Can anyone explain why this isn't working?
>>
>>Thanks,
>
>I'm a newbie at firewalls; but I'll take a guess: Doesn't rule 65000 let all
>ip packets in before rules 65100 and 65110 are considered?
>
>Andrew

Yes, in this case, since this is ipfw, and "first match wins." Using ipf,
it's the opposite; gotta love 'Nix! ;-)
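An added example, not from the thread or from FreeBSD itself: a small Python model of ipfw's first-match evaluation, run over Gary's ruleset (counters dropped) to show rule 65000 swallowing the SMTP traffic, and then over the same rules with the deny entries renumbered below 65000. The new numbers 1000 and 1010, the destination 192.0.2.10 and the interface name fxp0 are assumptions of this example.

```python
import ipaddress
from collections import namedtuple

# action: allow/deny; proto: "ip" matches every protocol; src/dst: "any" or address/CIDR; via: interface or None
Rule = namedtuple("Rule", "number action proto src dst via")
Packet = namedtuple("Packet", "proto src dst iface")

def parse_rule(line):
    """Parse one line of 'ipfw list': NUM ACTION PROTO from SRC to DST [via IFACE]."""
    t = line.split()
    return Rule(int(t[0]), t[1], t[2], t[4], t[6], t[t.index("via") + 1] if "via" in t else None)

def _addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt.proto)
            and _addr_match(rule.src, pkt.src) and _addr_match(rule.dst, pkt.dst)
            and (rule.via is None or rule.via == pkt.iface))

def first_match(rules, pkt):
    """ipfw semantics: walk the rules in ascending number order; the first match decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule
    raise ValueError("unreachable: rule 65535 matches everything")

def move_below_allow_all(rules, allow_all=65000, start=1000, step=10):
    """Renumber deny rules stranded above the catch-all allow so they run first (new numbers are this example's choice)."""
    out, n = [], start
    for r in sorted(rules, key=lambda r: r.number):
        if r.action == "deny" and allow_all < r.number < 65535:
            r, n = r._replace(number=n), n + step
        out.append(r)
    return out

# Gary's listing from the thread, with the packet and byte counters removed
GARYS_RULES = [parse_rule(l) for l in """
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65100 deny tcp from 24.92.226.153 to any
65110 deny ip from 213.191.102.86 to any
65535 deny ip from any to any
""".strip().splitlines()]
FIXED_RULES = move_below_allow_all(GARYS_RULES)
# Constructed sample packet: an SMTP attempt from a listed host to 192.0.2.10 (a documentation
# address standing in for Gary's mail server) arriving on an assumed external interface fxp0.
SMTP_HIT = Packet("tcp", "24.92.226.153", "192.0.2.10", "fxp0")
```

Note that rule 65100 only names tcp, so after renumbering a UDP packet from the same host still falls through to the allow-all; `deny ip` is the broader form Gary used for the second address.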