Newsgroups: comp.os.386bsd.questions
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!news.hawaii.edu!ames!elroy.jpl.nasa.gov!swrinde!pipex!uknet!pencotts.demon.co.uk!arg
From: arg@pencotts.demon.co.uk
Subject: Problems with IPfirewall
Message-ID: <D42JA9.Apv@pencotts.demon.co.uk>
Organization: NET-TEL Computer Systems Ltd
Date: Thu, 16 Feb 1995 01:10:56 GMT
Lines: 23

I am having difficulty getting the ipfirewall to work usefully.

I have compiled a suitable kernel, and it does indeed work OK for simple cases (ipfw addf deny icmp from xxxx to yyyy then try pinging from xxxx to yyyy), but overzealous use seems to result in a kernel panic or (more often) a spontaneous reboot of the machine.

In particular, building a setup that starts by denying everything and then adding back those protocols that I want to allow always triggers a crash.

The crashes could mostly be avoided by starting with:

    ipfw addf accept all from localhost to localhost

then setting:

    ipfw policy deny

but things were still not working quite as desired.

So, it would appear that the firewall is blocking out some internal packets that are essential to the life of the machine. I imagine that if I knew what these problem packets were, it would be quite easy to hack the firewall code to let them through.

Any ideas?

Also, if anyone has example ipfw scripts that do something useful, I would be glad to see them.

andrew.gordon@net-tel.co.uk