Re: ipfw

From: Michael Sharp (msharp@medmail.com)
Date: 05/09/01


Date: 9 May 2001 13:18:53 -0700
To: FreeBSD-security@FreeBSD.org
From: Michael Sharp <msharp@medmail.com>


But I need to block port 113, and allow 1 machine to get to port 113.
HAVING to add "ipfw add allow ip from any to any" means it gets processed before I would allow my 1 machine to port 113, thus allowing every machine to port 113.

On Wed, 09 May 2001, Ron Brogden wrote:

>
> On Wednesday 09 May 2001 20:03, you wrote:
> > and still I cannot get rid of that pesky 65535 DENY everything rule that
> > won't let me do anything unless I add " ipfw add allow ip from any to any "
> > which allows everything despite ANY DENY chains.
>
> Why can't you add the specific deny rules first if that is how you want
> things to work. Just give them a lower precedence than your blanket allow
> rule:
>
> ipfw add 40000 deny something from somewhere to somewhere_else
> ipfw add 50000 deny something from somewhere to somewhere_else
> ipfw add 60000 allow ip from any to any
>
> That said, shouldn't you be allowing specific stuff and then denying by
> default?
>
> Cheers,
>
> Ron
>

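The rule ordering the two posters are circling, written out as an added example (this is not the original poster's or Ron Brogden's script). ipfw acts on the first rule that matches, so the host-specific allow for port 113 has to carry a lower number than the blanket deny, and both have to sit below the catch-all allow; loading the rules in that order is what stops "allow ip from any to any" from opening 113 to everyone. The privileged host 192.0.2.10, the rule numbers, and the DRY_RUN/ADMIN_HOST knobs are assumptions of this example, not something the thread states.

```shell
#!/bin/sh
# Added example for this thread; not the poster's or Ron Brogden's script.
# Builds the ipfw(8) rule set the poster asked for: exactly one host may
# reach the ident port (113), everyone else is refused, and a blanket allow
# still lets all other traffic through. Assumptions not in the thread: the
# privileged host is 192.0.2.10 (override with ADMIN_HOST) and the blanket
# "allow ip from any to any" lives at rule 60000, as in Ron's reply.

ADMIN_HOST=${ADMIN_HOST:-192.0.2.10}

# ipfw walks rules in ascending number order and acts on the FIRST match.
# So the per-host allow must carry a LOWER number than the generic deny,
# and both must sit below the catch-all allow; otherwise an allow-any at
# the top (or the deny-any at 65535) decides before the specific rules run.
ident_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 1000 allow tcp from $ADMIN_HOST to me dst-port 113 setup
add 1010 deny tcp from any to me dst-port 113
add 60000 allow ip from any to any
EOF
}

# Print the number of the lowest-numbered rule whose text contains PATTERN,
# i.e. the rule ipfw would hit first for traffic described by PATTERN.
first_rule_matching() {
    ident_rules | grep -- "$1" | sort -n -k2 | head -n 1 | awk '{print $2}'
}

# Guard against the exact mistake in the thread: refuse to load the set if
# the host-specific allow does not precede the blanket deny for port 113.
check_order() {
    allow=$(first_rule_matching "allow tcp from $ADMIN_HOST to me dst-port 113")
    deny=$(first_rule_matching "deny tcp from any to me dst-port 113")
    [ -n "$allow" ] && [ -n "$deny" ] && [ "$allow" -lt "$deny" ]
}

# Load the rules; with DRY_RUN set, only print the ipfw commands that would run.
apply_rules() {
    check_order || { echo "refusing: port 113 rules are mis-ordered" >&2; return 1; }
    ident_rules | while read -r line; do
        if [ -n "$DRY_RUN" ]; then
            echo "ipfw -q $line"
        else
            # word splitting of $line is intended: it is one ipfw command
            ipfw -q $line
        fi
    done
}

# Usage: sh ident113.sh --dry-run   (print the commands)
#        sh ident113.sh --apply     (load them; needs root on the FreeBSD box)
case "${1:-}" in
    --apply)   apply_rules ;;
    --dry-run) DRY_RUN=1; apply_rules ;;
esac
```

Run it with `--dry-run` first on any box to see the four `ipfw -q add ...` commands in the order they would be loaded; `check_order` refuses to load anything if someone later renumbers the per-host allow above the deny. The `setup` keyword restricts the allow to the TCP handshake, so the rest of the ident session is handled by whatever established/allow rule the rest of your set provides.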

