*BSD News Article 61030



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msunews!netnews.upenn.edu!dsinc!ub!csn!gw1.att.com!cnn.Princeton.EDU!udel!news.mathworks.com!newsfeed.internetmci.com!in1.uu.net!nwnews.wa.com!nwfocus.wa.com!ender.techcenter.paccar.com!ender1.techcenter.paccar.com!usenet
From: fletcher@techcenter.paccar.com (Arlen Fletcher)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IPFW filter rules...
Date: 9 Feb 1996 01:58:45 GMT
Organization: PACCAR Technical Center
Lines: 37
Distribution: world
Message-ID: <4fe9ol$f8@ender1.techcenter.paccar.com>
References: <Pine.HPP.3.91.960207170506.20192A-100000@ocean.fit.qut.edu.au>
NNTP-Posting-Host: starlight.techcenter.paccar.com
Mime-Version: 1.0
X-Newsreader: WinVN 0.93.14

In article <Pine.HPP.3.91.960207170506.20192A-100000@ocean.fit.qut.edu.au>, 
brad@fit.qut.edu.au says...
>
>We seem to be having some troubles getting ipfw up and running with the
>2.2-960130-SNAP release. 
> 
>The filtering rules being applied are meant to halt tcp and udp between ports
>1 and 1024 from both networks on the BSD router. We would then like to
>specifically allow services like telnet. However, it looks as though the high
>port, e.g. 2611, is being blocked by ipfw.  My initial thoughts are that the
>range is not being used (incorrect syntax?)
> 
>Any ideas??? Any help will be greatly appreciated.

A couple of things come to mind:

1) Most packet filters have an implicit "deny" tacked on the end of the filter
rules.  I.e., deny anything I haven't explicitly allowed.  I don't know if ipfw
works that way or not.

2) You may be suffering from re-ordering of the rules you've written.  From the
man page on ipfw:

     "The system has a rule weighting system for the firewall chain. This means
     that rules are not used in the order that they are specified. To see what
     rule ordering is used, use the list command."

3) Rule re-ordering can bite you big time.  You might try the "list" command
mentioned above to see the order in which your rules are being applied.

Good luck!

-----------------------------------------------------------------
"If women don't find you handsome, they ought to at least find
you handy."
                                                      Red Green
Arlen Fletcher
fletcher@paccar.com
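To make the two points in the reply concrete (an implicit default deny, and rule order deciding the outcome), here is an added example that is not part of the original post and not ipfw's code. It is a simplified first-match filter model, not ipfw's real rule-weighting algorithm; the rules and packets are constructed to mirror the scenario in the thread (block TCP ports 1-1024, allow telnet, client on high port 2611).

```python
# Added example: a minimal first-match packet filter model (not ipfw itself).
from dataclasses import dataclass

ANY = (1, 65535)  # inclusive port range meaning "any port"


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    sport: tuple  # inclusive (low, high) source-port range
    dport: tuple  # inclusive (low, high) destination-port range


@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet falls inside the rule's protocol and port ranges."""
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and rule.sport[0] <= pkt.sport <= rule.sport[1]
            and rule.dport[0] <= pkt.dport <= rule.dport[1])


def evaluate(rules, pkt: Packet, default: str = "deny") -> str:
    """Return the action of the first matching rule, else the implicit default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default  # the "implicit deny tacked on the end"


# Constructed rules in the order the poster intended: allow telnet, then block
# TCP ports 1-1024 in both directions.
ALLOW_TELNET = Rule("allow", "tcp", ANY, (23, 23))
DENY_LOW_TCP_IN = Rule("deny", "tcp", ANY, (1, 1024))
DENY_LOW_TCP_OUT = Rule("deny", "tcp", (1, 1024), ANY)
INTENDED = [ALLOW_TELNET, DENY_LOW_TCP_IN, DENY_LOW_TCP_OUT]
# The same rules after the filter re-orders the deny entries ahead of the allow.
REORDERED = [DENY_LOW_TCP_IN, DENY_LOW_TCP_OUT, ALLOW_TELNET]

# Constructed packets: a telnet connect from high port 2611, an HTTP request,
# and traffic that matches no rule at all.
SAMPLE = {"telnet": Packet("tcp", 2611, 23),
          "http": Packet("tcp", 2612, 80),
          "unmatched": Packet("tcp", 5000, 6000)}


def verdicts(rules) -> dict:
    """Map each sample packet name to the verdict the given rule order yields."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE.items()}
```

Comparing `verdicts(INTENDED)` with `verdicts(REORDERED)` shows the telnet packet flipping from allow to deny purely because of rule order, which is what the "list" command is meant to expose.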