Re: ipfw denies everything and i can open websites?

2007-01-02 Thread Jurjen Middendorp
I'm sorry, (don't laugh too hard) I had a little startup script that read: ipfw
disable firewall, I put that there before I had actually made my firewall
rules...
Once I removed it, it turned out my rules weren't as decent as I thought, but now
they work!

And I was being so happy that I had made such a nice firewall :(
I really thought my firewall was on because it loaded the rules and so...

thanks anyway :)
-jurjen
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
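
The cause reported in the message above (rules loaded, but filtering switched off by "ipfw disable firewall") can be checked for directly. The following is an added example, not part of the original thread; the function names ipfw_verdict and find_disablers are hypothetical, and on a FreeBSD host the inputs would come from "sysctl -n net.inet.ip.fw.enable" and "ipfw show".

```shell
#!/bin/sh
# Added example: tell "rules are loaded" apart from "rules are enforced".
# Inputs are arguments so the logic can be exercised offline.

# ipfw_verdict ENABLE_VALUE RULES_TEXT
#   ENABLE_VALUE: value of net.inet.ip.fw.enable (1 = filtering, 0 = bypassed)
#   RULES_TEXT:   output of "ipfw show" or "ipfw list"
ipfw_verdict() {
    enable=$1
    rules=$2
    # With the sysctl at 0 no packet is checked, whatever the rules say.
    if [ "$enable" != "1" ]; then
        echo "BYPASSED"
        return 0
    fi
    # Rule 65535 is the built-in default rule; its action is the fallback.
    last=$(printf '%s\n' "$rules" | awk '$1 == "65535" { print }' | tail -n 1)
    case $last in
        *" deny ip from any to any"*)  echo "ENFORCING_DEFAULT_DENY" ;;
        *" allow ip from any to any"*) echo "ENFORCING_DEFAULT_ALLOW" ;;
        *)                             echo "ENFORCING_UNKNOWN_DEFAULT" ;;
    esac
}

# find_disablers FILE...
#   Prints file:line:text for every uncommented line that turns filtering
#   off. Exit status is grep's: 0 if something was found, 1 if not.
find_disablers() {
    grep -nE '^[^#]*(ipfw[[:space:]]+(-q[[:space:]]+)?disable[[:space:]]+firewall|net\.inet\.ip\.fw\.enable=0)' "$@" /dev/null
}

# Constructed sample matching the thread: the default deny rule is present
# (line taken from the fw_uit output in the original question), but the
# firewall has been disabled, so traffic still flows.
ipfw_verdict 0 '65535 2 616 deny ip from any to any'
```

Running find_disablers over the local startup scripts would have pointed at the leftover line before the rules were trusted.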


Re: ipfw denies everything and i can open websites?

2007-01-02 Thread petko

hello,

could you show /etc/rc.conf and /etc/rc.firewall files? (only corresponding lines)


petko



ipfw denies everything and i can open websites?

2007-01-02 Thread Jurjen Middendorp
Hello,
I have configured my firewall, but after I do "ipfw -q flush" I am still
able to visit websites, download my e-mail, etc. I thought the default action of
ipfw was to deny everything and ipfw show confirms that... Why am I able to go
on the internet? Is this weird behaviour or is there something I don't
understand about ipfw/firewalls??
I am behind a router (NAT) and get my IP with DHCP.

Here is a little log from what happens if I try to open a random website
(blah.org) after I disable my firewall.

[EMAIL PROTECTED] ~]$ su
Password:
[EMAIL PROTECTED] /home/jurjen]# fw_uit
65535 2 616 deny ip from any to any
[EMAIL PROTECTED] /home/jurjen]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes

20:41:44.919465 IP jurjen.lan.55071 > SpeedTouch.lan.domain:  4879+ A? blah.org. (26)
20:41:45.062650 IP SpeedTouch.lan.domain > jurjen.lan.55071:  4879 1/0/0 A 205.150.150.140 (42)
20:41:45.062889 IP jurjen.lan.53038 > SpeedTouch.lan.domain:  4880+ ? blah.org. (26)
20:41:45.173416 IP SpeedTouch.lan.domain > jurjen.lan.53038:  4880 0/1/0 (98)
20:41:45.173790 IP jurjen.lan.56029 > 205.150.150.140.http: S 1223552665:1223552665(0) win 65535
20:41:45.288590 IP 205.150.150.140.http > jurjen.lan.56029: S 3294004362:3294004362(0) ack 1223552666 win 16384
20:41:45.288662 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 1 win 33304
20:41:45.288924 IP jurjen.lan.56029 > 205.150.150.140.http: P 1:395(394) ack 1 win 33304
20:41:45.441225 IP 205.150.150.140.http > jurjen.lan.56029: . 1:1449(1448) ack 395 win 65141
20:41:45.442758 IP 205.150.150.140.http > jurjen.lan.56029: P 1449:2533(1084) ack 395 win 65141
20:41:45.442812 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 2533 win 32762
20:41:45.591472 IP jurjen.lan.56029 > 205.150.150.140.http: P 395:720(325) ack 2533 win 33304
20:41:45.760525 IP 205.150.150.140.http > jurjen.lan.56029: P 3981:4328(347) ack 720 win 64816
20:41:45.760603 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 2533 win 33304
20:41:45.763003 IP 205.150.150.140.http > jurjen.lan.56029: . 2533:3981(1448) ack 720 win 64816
20:41:45.763045 IP jurjen.lan.56029 > 205.150.150.140.http: . ack 4328 win 32406
20:41:46.021900 IP jurjen.lan.62273 > SpeedTouch.lan.domain:  23988+ PTR? 140.150.150.205.in-addr.arpa. (46)
20:41:46.255700 IP SpeedTouch.lan.domain > jurjen.lan.62273:  23988 NXDomain 0/1/0 (117)
20:42:02.361174 IP sys00.lan.netbios-dgm > 10.0.0.255.netbios-dgm: NBT UDP PACKET(138)

And the website has loaded... how is this possible??

greets, jurjen