Andrew L. Gould wrote:

On Wednesday 01 October 2003 01:18 pm, Gary wrote:

I have set my firewall to


and when I want to drop a specific IP, I enter it manually, it accepts it,
but it does not drop the packets..

I am getting a lot of virus activity on my SMTP port 25. So I wanted to
drop a few IP ranges/addresses..

00100  62054   5483792 allow ip from any to any via lo0
00200      0         0 deny ip from any to
00300      0         0 deny ip from to any
65000 873327 293931424 allow ip from any to any
65100      0         0 deny tcp from to any
65110      0         0 deny ip from to any
65535      0         0 deny ip from any to any

Yet, checking later in my SMTP logs, I am still getting pounded by the
listed addresses. Can anyone explain why this isn't working?


I'm a newbie at firewalls; but I'll take a guess: Doesn't rule 65000 let all ip packets in before rules 65100 and 65110 are considered?


Yes, in this case, since this is ipfw, and "first match wins."

Using ipf, it's the opposite; gotta love 'Nix! ;-)

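The first-match behaviour discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages: a simplified model of ipfw evaluation that handles only allow/deny, protocol, from/to and via, and reports rules that can never match because an earlier rule already covers them. The addresses and the interface name em0 are constructed stand-ins, since the listing in the thread has its addresses missing.

```python
import ipaddress
import re

# Constructed ruleset shaped like the `ipfw show` listing in the thread; the
# addresses there are missing, so documentation ranges are used as stand-ins.
SAMPLE = """\
00100 62054 5483792 allow ip from any to any via lo0
65000 873327 293931424 allow ip from any to any
65100 0 0 deny tcp from 192.0.2.0/24 to any
65110 0 0 deny ip from 198.51.100.7 to any
65535 0 0 deny ip from any to any
"""

RULE = re.compile(
    r"^(\d+)\s+\d+\s+\d+\s+(allow|deny)\s+(\w+)\s+from\s+(\S+)"
    r"\s+to\s+(\S+)(?:\s+via\s+(\S+))?$")

def net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)

def parse(text):
    """Parse listing lines into rule dicts, ordered by rule number."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            num, action, proto, src, dst, iface = m.groups()
            rules.append(dict(num=int(num), action=action, proto=proto, src=net(src), dst=net(dst), iface=iface))
    return sorted(rules, key=lambda r: r["num"])

def covers(a, b):
    """True if everything matched by b is also matched by a."""
    return (a["proto"] in ("ip", b["proto"])
            and a["iface"] in (None, b["iface"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"]))

def shadowed(rules):
    """Return (dead_rule, shadowing_rule) pairs: rules an earlier rule always pre-empts."""
    out = []
    for i, r in enumerate(rules):
        hit = next((e["num"] for e in rules[:i] if covers(e, r)), None)
        if hit is not None:
            out.append((r["num"], hit))
    return out

def decide(rules, proto, src, dst, iface):
    """First match wins: return (rule number, action) for one packet."""
    pkt = dict(proto=proto, src=net(src), dst=net(dst), iface=iface)
    return next(((r["num"], r["action"]) for r in rules if covers(r, pkt)), None)
```

Run against SAMPLE, shadowed() reports 65100 and 65110 as pre-empted by 65000, which matches their zero packet counters; renumbering the two deny rules below 65000 makes decide() return a deny for the same packet.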