Date: Tue, 15 May 2001 19:39:51 GMT
From: Neil Darlow <neil@darlow.co.uk>
To: Dru <genisis@istar.ca>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: dhclient-ipfw oddity
Message-ID: <20010515.19395100@ideal.darlow.co.uk>
In-Reply-To: <Pine.BSF.4.21.0105151426260.11539-100000@istar.ca>
References: <Pine.BSF.4.21.0105151426260.11539-100000@istar.ca>

On 5/15/01, 7:27:44 PM, Dru <genisis@istar.ca> wrote:

> What is the output of "ipfw show"?

-- snip --
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 192.168.0.0/24 to any in recv ed0
00400 0 0 deny ip from any to 10.0.0.0/8 via ed0
00500 0 0 deny ip from any to 172.16.0.0/12 via ed0
00600 0 0 deny ip from any to 192.168.0.0/16 via ed0
00700 0 0 deny ip from any to 0.0.0.0/8 via ed0
00800 0 0 deny ip from any to 169.254.0.0/16 via ed0
00900 0 0 deny ip from any to 192.0.2.0/24 via ed0
01000 0 0 deny ip from any to 224.0.0.0/4 via ed0
01100 0 0 deny ip from any to 240.0.0.0/4 via ed0
01200 1 328 divert 8668 ip from any to any via ed0
01300 0 0 deny ip from 10.0.0.0/8 to any via ed0
01400 0 0 deny ip from 172.16.0.0/12 to any via ed0
01500 0 0 deny ip from 192.168.0.0/16 to any via ed0
01600 0 0 deny ip from 0.0.0.0/8 to any via ed0
01700 0 0 deny ip from 169.254.0.0/16 to any via ed0
01800 0 0 deny ip from 192.0.2.0/24 to any via ed0
01900 0 0 deny ip from 224.0.0.0/4 to any via ed0
02000 0 0 deny ip from 240.0.0.0/4 to any via ed0
02100 141 9284 allow tcp from any to any established
02200 0 0 allow ip from any to any frag
02300 0 0 allow icmp from any to any
02400 0 0 allow tcp from any to any 20,21 in recv ed0 setup
02500 0 0 allow tcp from any to any 22 in recv ed0 setup
02600 0 0 allow tcp from any to any 25 in recv ed0 setup
02700 0 0 allow tcp from any to any 80 in recv ed0 setup
02800 0 0 allow tcp from any to any 113 in recv ed0 setup
02900 0 0 deny log logamount 100 tcp from any to any in recv ed0 setup
03000 0 0 allow tcp from any to any setup
03100 0 0 allow udp from any 53 to any out xmit ed0
03200 0 0 allow udp from any to any 53 in recv ed0
03300 0 0 allow udp from any 123 to any out xmit ed0
03400 0 0 allow udp from any to any 123 in recv ed0
03500 0 0 allow ip from any to any via ed1
65535 57 14421 deny ip from any to any
-- snip --

ed1 is my internal NIC.

For my earlier test, rule 3600 was added to log denied packets.

Regards,
Neil Darlow.
--
1024D/531F9048 1999-09-11 Neil Darlow <neil@darlow.co.uk>
Key fingerprint = 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message