Date: 9 May 2001 13:18:53 -0700
From: Michael Sharp <msharp@medmail.com>
To: FreeBSD-security@FreeBSD.org
Subject: Re: ipfw
Message-ID: <20010509201853.6521.cpmta@c000.sfo.cp.net>

But I need to block port 113, and allow 1 machine to get to port 113. HAVING to add ipfw add allow ip from any to any gets processed before I would allow my 1 machine to port 113, thus allowing every machine to port 113.

On Wed, 09 May 2001, Ron Brogden wrote:
>
> On Wednesday 09 May 2001 20:03, you wrote:
> > and still I cannot get rid of that pesky 65535 DENY everything rule that
> > won't let me do anything unless I add " ipfw add allow ip from any to any "
> > which allows everything despite ANY DENY chains.
>
> Why can't you add the specific deny rules first if that is how you want
> things to work?  Just give them a lower precedence than your blanket allow
> rule:
>
> ipfw add 40000 deny something from somewhere to somewhere_else
> ipfw add 50000 deny something from somewhere to somewhere_else
> ipfw add 60000 allow ip from any to any
>
> That said, shouldn't you be allowing specific stuff and then denying by
> default?
>
> Cheers,
>
> Ron
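Added example, not part of the original thread: a small Python model of ipfw's first-match evaluation (rules are checked in ascending rule number, the first matching allow/deny ends the search, and rule 65535 is the built-in default deny), applied to the port 113 case discussed above. The addresses 192.0.2.10 and 198.51.100.7, the rule numbers and the ipfw commands in the comments are constructed for illustration.

```python
import ipaddress

# ipfw's built-in last rule: deny everything that nothing else matched.
DEFAULT_RULE = (65535, "deny", "any", None)

# Blanket allow placed first: every packet matches rule 100, so the
# port 113 rules below it are never consulted.
BROKEN = [
    (100, "allow", "any", None),          # ipfw add 100 allow ip from any to any
    (200, "allow", "192.0.2.10", 113),    # ipfw add 200 allow tcp from 192.0.2.10 to any 113
    (300, "deny", "any", 113),            # ipfw add 300 deny tcp from any to any 113
]

# Specific rules get lower numbers than the blanket allow.
FIXED = [
    (40000, "allow", "192.0.2.10", 113),  # ipfw add 40000 allow tcp from 192.0.2.10 to any 113
    (50000, "deny", "any", 113),          # ipfw add 50000 deny tcp from any to any 113
    (60000, "allow", "any", None),        # ipfw add 60000 allow ip from any to any
]


def matches(rule, src, dport):
    """True if the packet's source address and destination port fit the rule."""
    _, _, rule_src, rule_port = rule
    src_ok = rule_src == "any" or (
        ipaddress.ip_address(src) in ipaddress.ip_network(rule_src)
    )
    port_ok = rule_port is None or rule_port == dport
    return src_ok and port_ok


def evaluate(rules, src, dport):
    """Return (rule_number, action) of the first rule that matches."""
    for rule in sorted(rules + [DEFAULT_RULE], key=lambda r: r[0]):
        if matches(rule, src, dport):
            return rule[0], rule[1]
    raise AssertionError("unreachable: the default rule matches everything")


if __name__ == "__main__":
    for name, ruleset in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        for src in ("192.0.2.10", "198.51.100.7"):
            print(name, src, "-> port 113:", evaluate(ruleset, src, 113))
```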