Slightly off-topic here, please excuse me.
I've had problems finding help for my problem, and you guys seem like
a helpful bunch.

I can't get ipfwadm to work as expected. I think the doc says that
the first matching rule will be applied; I experience it differently.
I am running Red Hat 5.0 on kernel 2.0.33.

Part of my filtering script is as follows:
ADM=ipfwadm
INET="ip address of my lan"    # placeholder as posted; the real value goes here

# flush the forwarding, input and output chains
$ADM -F -f
$ADM -I -f
$ADM -O -f

$ADM -F -p deny                                   # forwarding default policy: deny
$ADM -I -a accept -P icmp                         # icmp to the router
$ADM -O -a accept -P icmp                         # icmp from the router
$ADM -F -a accept -P icmp -k -S $INET -D any/0    # icmp from the lan, through the firewall
$ADM -F -a deny -P icmp                           # all other icmp through the firewall

The idea was that the first 3 accepts should allow ICMP TO the router,
the 4th should only let ICMP from the LAN to the world THROUGH the
firewall, while all through-traffic from the net is caught by the
last line. However, I cannot get out from $INET.

If I change the policy to accept, I get through from INET, telling me
that the rule didn't catch packets from INET, since the default policy
rules.

However, when I leave the default policy at accept and change the "-S
$INET" line to "deny", I am once again stopped from INET, telling me
that this rule does indeed catch the packets from INET.
So how come it doesn't work as set out above, letting me do what I
want from INET, while if you're on the net you're only allowed to ping
the router and not through it?

I have the same problem for TCP further down in my script, so please
don't write the problem off with some hint about ICMP-specific things.
I just can't see where my logic breaks.

Thanks for your time, and sorry for being off-topic.

Morten Steinvik
           Disk not in drive C:  (A)bort   (R)etry   (S)uicide
        The world is but one country and the people its citizens
               http://www.colargol.tihlde.hist.no/~mortenst/
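As an added illustration (not part of the original post and not ipfwadm or kernel code), the script below simulates first-match evaluation of the posted ruleset over the three ipfwadm chains, so the path of each packet can be read off rule by rule. It assumes: rules in a chain are tried top to bottom, the first match decides, and the chain's default policy applies only when nothing matches; -k, as the ipfwadm manual describes it, matches only TCP packets that carry the ACK bit, so it can never match an ICMP packet; and a packet addressed to the router is checked by the input chain only, while a packet to be routed is checked by input, forwarding and output in turn, each of which must accept. The addresses, router and packets are constructed from RFC 5737 documentation ranges and stand in for $INET and the hosts in the post.

```python
"""Toy first-match simulator for ipfwadm-style chains (added example, not ipfwadm).

Modelling assumptions:
  * first matching rule in a chain decides; otherwise the chain's policy applies;
  * -k matches only TCP packets with the ACK bit set (ipfwadm manual), so an
    ICMP packet never matches a rule carrying -k;
  * packet to the router: input chain only; routed packet: input, forwarding,
    output, each of which must accept.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    target: str               # "accept" or "deny"            (-a accept / -a deny)
    proto: str = "all"        # "icmp", "tcp", "udp" or "all" (-P)
    src: str = "0.0.0.0/0"    # -S; "any/0" in ipfwadm syntax
    dst: str = "0.0.0.0/0"    # -D
    ack_only: bool = False    # -k (assumed semantics: TCP with ACK set only)

    def matches(self, pkt: dict) -> bool:
        if self.proto != "all" and pkt["proto"] != self.proto:
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.ack_only and not (pkt["proto"] == "tcp" and pkt.get("ack", False)):
            return False
        return True


@dataclass
class Chain:
    policy: str = "accept"                      # -p
    rules: list = field(default_factory=list)

    def check(self, pkt: dict):
        """Return (target, 1-based index of the matching rule, 0 if policy applied)."""
        for i, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                return rule.target, i             # first match wins
        return self.policy, 0                     # nothing matched: default policy


def build_chains(lan_net: str, with_k: bool) -> dict:
    """The posted ruleset; -k on the LAN->world rule is switchable for comparison."""
    chains = {"I": Chain(), "O": Chain(), "F": Chain(policy="deny")}   # -F -p deny
    chains["I"].rules.append(Rule("accept", "icmp"))                    # -I -a accept -P icmp
    chains["O"].rules.append(Rule("accept", "icmp"))                    # -O -a accept -P icmp
    chains["F"].rules.append(Rule("accept", "icmp", src=lan_net, ack_only=with_k))
    chains["F"].rules.append(Rule("deny", "icmp"))                      # -F -a deny -P icmp
    return chains


def route(chains: dict, pkt: dict, router_addrs: set):
    """Run a packet through the chains it would traverse; return (verdict, trace)."""
    path = ["I"] if pkt["dst"] in router_addrs else ["I", "F", "O"]
    trace = []
    for name in path:
        target, idx = chains[name].check(pkt)
        trace.append((name, idx, target))
        if target != "accept":
            return "deny", trace
    return "accept", trace


# Constructed sample topology and packets (RFC 5737 documentation prefixes).
LAN = "192.0.2.0/24"                      # stands in for $INET, as a network
ROUTER = {"192.0.2.1", "198.51.100.1"}    # router's LAN-side and outside addresses
PACKETS = {
    "lan_ping_router":   {"proto": "icmp", "src": "192.0.2.10",  "dst": "192.0.2.1"},
    "lan_ping_world":    {"proto": "icmp", "src": "192.0.2.10",  "dst": "203.0.113.5"},
    "world_ping_router": {"proto": "icmp", "src": "203.0.113.5", "dst": "198.51.100.1"},
    "world_ping_lan":    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.10"},
}


def verdicts(with_k: bool) -> dict:
    """Final verdict for every constructed packet under the posted ruleset."""
    chains = build_chains(LAN, with_k)
    return {name: route(chains, pkt, ROUTER)[0] for name, pkt in PACKETS.items()}


def trace_of(name: str, with_k: bool) -> list:
    """Which chain and which rule (0 = policy) decided the named packet."""
    return route(build_chains(LAN, with_k), PACKETS[name], ROUTER)[1]


if __name__ == "__main__":
    for k in (True, False):
        print(f"-k on the LAN rule: {k}")
        for name in PACKETS:
            print(f"  {name:18s} {trace_of(name, k)}")
```

With -k on the LAN rule, the constructed LAN-to-world ping passes the input chain and then, not matching the -k rule, falls through to the final deny in the forwarding chain; with -k removed, the same packet is accepted by the LAN rule while the world-to-LAN ping still hits the deny, which is the split the post sets out. This is a model of the documented semantics, not a trace of what the poster's kernel actually did.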
