Date:      Sun, 28 Mar 2004 15:29:44 -0800
From:      "Dan" <dan@tictactoe.com>
To:        <freebsd-ipfw@freebsd.org>
Subject:   What am I doing wrong (IPFW Rulesets)
Message-ID:  <000301c4151c$92278e70$0200a8c0@surf1.ws>

What am I doing wrong here?  Do I need to recompile my kernel with rule
set support for IPFW or something?  I cannot seem to get any set-related
functionality to work on my system.
 
I grabbed this from the man page for ipfw:
 
The format of ipfw rules is the following:
 
           [rule_number] [set set_number] [prob match_probability]
               action [log [logamount number]] body
 
Here is my current rule list, which is working great: it allows me to
keep track of who is using how much bandwidth from my LAN, which is kind
of fun.  Also, it does some basic policing of IP traffic.
 
# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow ip from 192.168.0.7 to any
00500 allow ip from any to 192.168.0.7
00600 allow ip from any to 192.168.0.2
00700 allow ip from 192.168.0.2 to any
00800 allow ip from 192.168.0.84 to any
00900 allow ip from any to 192.168.0.84
01000 allow ip from 192.168.0.8 to any
01100 allow ip from any to 192.168.0.8
65000 allow log logamount 100 ip from 192.168.0.0/24 to any
65100 allow ip from any to 192.168.0.0/24
65200 allow ip from me to any out xmit dc0
65300 allow ip from any to me in recv dc0
65535 deny ip from any to any
# ipfw add 01200 set 1 allow ip from any to any
ipfw: invalid action ``set''
 
According to my above-pasted quotation from the IPFW man page, this
should work.  Why not?
 
# ipfw disable set 1
ipfw: unrecognize enable/disable keyword: set
 
# ipfw enable set 1
ipfw: unrecognize enable/disable keyword: set
 
# ipfw set enable 1
ipfw: bad arguments, for usage summary ``ipfw''
# ipfw set disable 1
ipfw: bad arguments, for usage summary ``ipfw''
 
I have seen different places mention different ways of enabling and
disabling rule sets, and none of these seem to work.  What am I doing
wrong here?  BTW, there aren't any rules in rule set 1 right now as far
as I know.
 
I am running FreeBSD 4.9-RELEASE #0: Thu Mar 25 17:51:16 PST 2004
     root@<hostname omitted>:/usr/src/sys/compile/CUSTOM
 
I am running a custom-built kernel with both IPFW and IPFILTER options
on.  This machine has dual NICs and I use it for NAT.
 
 
I have been reading through the IPFW mailing list, searching the open
bug reports on freebsd.org and googling for hours now, so I thought I'd
run this by you guys.
 
Thanks,
 
--Dan



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301c4151c$92278e70$0200a8c0>
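The rule grammar quoted from ipfw(8) above places the optional "set set_number" between the rule number and the action, so the command "ipfw add 01200 set 1 allow ip from any to any" is well-formed under that grammar; the error "invalid action ``set''" is what you get from a userland ipfw that does not know the "set" keyword at all. The parser below is an added example, not code from the post or from FreeBSD: it implements the quoted grammar, groups the posted listing by set, and has an ipfw2 toggle that models the difference between a userland with rule-set support and one without (rule sets are an ipfw2 feature; on 4.x that means a kernel built with "options IPFW2" and a userland built with IPFW2=1 in /etc/make.conf, which I have not verified against the poster's system). The function names, the error-modelling toggle and the sample listing (copied from the post) are mine.

```python
"""Parser for the ipfw(8) rule grammar quoted in the post:

    [rule_number] [set set_number] [prob match_probability]
        action [log [logamount number]] body

Example code, not FreeBSD's ipfw.  The ipfw2 flag below is a model of
the two userland grammars (assumption: ipfw1 does not know "set").
"""

# Actions that take no argument of their own (names from ipfw(8)).
PLAIN_ACTIONS = {"allow", "accept", "pass", "permit", "check-state",
                 "count", "deny", "drop", "reject", "reset"}
# Actions whose next token is an argument: a port, pipe/queue number,
# rule number, next-hop or ICMP unreachable code.
ARG_ACTIONS = {"divert", "tee", "fwd", "forward", "pipe", "queue",
               "skipto", "unreach"}


class RuleSyntaxError(ValueError):
    """Raised where ipfw would print a usage error."""


def parse_rule(line, ipfw2=True):
    """Parse one rule line into a dict.

    Keys: number, set, prob, action, arg, log, logamount, body.
    A rule with no "set" keyword is in set 0.  With ipfw2=False the
    "set" keyword is not recognised and falls through to the action
    check, reproducing the error seen in the post.
    """
    toks = line.split()
    if not toks:
        raise RuleSyntaxError("empty rule")
    rule = {"number": None, "set": 0, "prob": None, "action": None,
            "arg": None, "log": False, "logamount": None, "body": ""}
    i = 0
    if toks[i].isdigit():                       # optional rule_number
        rule["number"] = int(toks[i])
        i += 1
    if ipfw2 and i < len(toks) and toks[i] == "set":   # optional set N
        if i + 1 >= len(toks) or not toks[i + 1].isdigit():
            raise RuleSyntaxError("set requires a numeric set_number")
        rule["set"] = int(toks[i + 1])
        i += 2
    if i < len(toks) and toks[i] == "prob":     # optional prob P
        if i + 1 >= len(toks):
            raise RuleSyntaxError("prob requires a probability")
        rule["prob"] = float(toks[i + 1])
        i += 2
    if i >= len(toks):
        raise RuleSyntaxError("missing action")
    act = toks[i]
    if act in PLAIN_ACTIONS:
        rule["action"] = act
        i += 1
    elif act in ARG_ACTIONS:
        if i + 1 >= len(toks):
            raise RuleSyntaxError("%s needs an argument" % act)
        rule["action"], rule["arg"] = act, toks[i + 1]
        i += 2
    else:
        # Same wording ipfw used in the post for the unknown token.
        raise RuleSyntaxError("invalid action ``%s''" % act)
    if i < len(toks) and toks[i] == "log":      # optional log [logamount N]
        rule["log"] = True
        i += 1
        if i + 1 < len(toks) and toks[i] == "logamount":
            rule["logamount"] = int(toks[i + 1])
            i += 2
    rule["body"] = " ".join(toks[i:])
    return rule


def parse_error(line, ipfw2=True):
    """Return the error message a line would produce, or None if it parses."""
    try:
        parse_rule(line, ipfw2=ipfw2)
    except RuleSyntaxError as e:
        return str(e)
    return None


def rules_by_set(lines, ipfw2=True):
    """Map set number -> list of rule numbers, in listing order."""
    out = {}
    for line in lines:
        r = parse_rule(line, ipfw2=ipfw2)
        out.setdefault(r["set"], []).append(r["number"])
    return out


# The poster's "ipfw list" output, copied from the message above.
POSTED_RULES = [
    "00100 allow ip from any to any via lo0",
    "00200 deny ip from any to 127.0.0.0/8",
    "00300 deny ip from 127.0.0.0/8 to any",
    "00400 allow ip from 192.168.0.7 to any",
    "00500 allow ip from any to 192.168.0.7",
    "00600 allow ip from any to 192.168.0.2",
    "00700 allow ip from 192.168.0.2 to any",
    "00800 allow ip from 192.168.0.84 to any",
    "00900 allow ip from any to 192.168.0.84",
    "01000 allow ip from 192.168.0.8 to any",
    "01100 allow ip from any to 192.168.0.8",
    "65000 allow log logamount 100 ip from 192.168.0.0/24 to any",
    "65100 allow ip from any to 192.168.0.0/24",
    "65200 allow ip from me to any out xmit dc0",
    "65300 allow ip from any to me in recv dc0",
    "65535 deny ip from any to any",
]
# The rule the poster tried to add (the "add" verb stripped off).
ATTEMPTED_RULE = "01200 set 1 allow ip from any to any"

if __name__ == "__main__":
    print("ipfw2 grammar:", rules_by_set(POSTED_RULES + [ATTEMPTED_RULE]))
    print("ipfw1 grammar:", parse_error(ATTEMPTED_RULE, ipfw2=False))
```

Run stand-alone it shows the attempted rule landing in set 1 under the ipfw2 grammar and the "invalid action ``set''" message under the ipfw1 model, which is the quickest way to see that the command was fine and the userland was the problem.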