Date: Sun, 1 May 2005 19:56:47 -0400 From: <bob@a1poweruser.com> To: "Chris Knipe" <savage@savage.za.org>, <freebsd-questions@lists.freebsd.org> Subject: RE: ipf out rule Message-ID: <MIEPLLIBMLEEABPDBIEGIENLHDAA.bob@a1poweruser.com> In-Reply-To: <001901c54ea0$ee58ad50$0a01a8c0@ops.cenergynetworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
When asking for help with firewall rules you have to post complete content of firewall rule set file because some previous rule may be dropping all packets. If this is your complete rule set them you are missing the mandatory L0 interface rule to pass quick all. rl0 must be Nic connected to public internet. x.x.x.120/29 is ip address range of pc's on private LAN behind firewall. This is not much of firewall with everything being allowed out. You could replace all of these meaning less statements with pass quick all from any to any You really need to read firewall section of the official handbook. It has working examples of ipf.rules rule set along with detailed explanation of how to build firewall rules. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Chris Knipe Sent: Sunday, May 01, 2005 6:56 PM To: freebsd-questions@lists.freebsd.org Subject: ipf out rule Hi, Can anyone take a minute to just explain to me why ipf is blocking this... ipf.rules: # rl0 - Outgoing pass out quick on rl0 proto tcp from x.x.x.120/29 to any flags S keep state keep frags pass out quick on rl0 proto udp from x.x.x.120/29 to any keep state keep frags pass out quick on rl0 proto icmp from x.x.x.120/29 to any keep state keep frags block out log quick on rl0 all ipftest: opening rule file "ipf.new" in on rl0 tcp 196.25.1.1,2210 x.x.x.122,22 input: in on rl0 tcp 196.25.1.1,2210 x.x.x.122,22 pass ip 40(20) 6 196.25.1.1,2210 > x.x.x.122,22 -------------- out on rl0 tcp x.x.x.122,22 196.25.1.1,2210 input: out on rl0 tcp x.x.x.122,22 196.25.1.1,2210 block ip 40(20) 6 x.x.x.122,22 > 196.25.1.1,2210 Thanks. -- Chris. I love deadlines. I especially love the whooshing sound they make as they fly by..." - Douglas Adams, 'Hitchhiker's Guide to the Galaxy' _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIENLHDAA.bob>