Re: me in ipfw rules - does it include aliases?

2009-09-08 Thread Nikos Vassiliadis
Tom Worster wrote: the ipfw man page says: me matches any IP address configured on an interface in the system. which suggests that if i code my rules using me then when i add an alias ip address to an interface with ifconfig, these me rules will immediately work for the newly added address

Re: me in ipfw rules - does it include aliases?

2009-09-08 Thread Nikos Vassiliadis
Tom Worster wrote: thanks, nikos. You're welcome. i'm interested in your other comment about the risks of using me. All I am saying is that you have to take care of attacks which use me addresses. Packets with source address a me address coming from a network interface, AKA spoofed

Re: me in ipfw rules - does it include aliases?

2009-09-08 Thread Tom Worster
On 9/8/09 2:58 AM, Nikos Vassiliadis nvass9...@gmx.com wrote: Tom Worster wrote: the ipfw man page says: me matches any IP address configured on an interface in the system. which suggests that if i code my rules using me then when i add an alias ip address to an interface with

me in ipfw rules - does it include aliases?

2009-09-07 Thread Tom Worster
the ipfw man page says: me matches any IP address configured on an interface in the system. which suggests that if i code my rules using me then when i add an alias ip address to an interface with ifconfig, these me rules will immediately work for the newly added address as they do for other

Need some further help on ipfw rules

2009-06-22 Thread Anton
Hello freebsd-questions, Finally, I've got to work my ipfw firewall with two NATs (one for local resources, provided by ISP, one for VPN - which leads me to Internet= ). But I need further help on it :-( Here are my rules: #!/bin/sh ipfw='/sbin/ipfw -q'

Performance loss with dynamic IPFW rules

2008-12-30 Thread KES
Hello, Questions. 1 allow all from any to any via rl0 2 allow all from any to any via rl1 109 skipto 110 tcp from any to any 80 in recv $iface #split only http traffic 109 skipto 200 all from any to any #do not split all other traffic 110 check-state 111 prob 0.5 skipto 131 in recv

Re: Performance loss with dynamic IPFW rules

2008-12-30 Thread KES
Hello, KES. You wrote on 30 December 2008, 21:47:40: K Hello, Questions. K 1 allow all from any to any via rl0 K 2 allow all from any to any via rl1 K 109 skipto 110 tcp from any to any 80 in recv $iface #split only http traffic K 109 skipto 200 all from any to any #do not

Re[2]: BUG! Performance loss with dynamic IPFW rules

2008-12-30 Thread KES
Hello, KES. You wrote on 30 December 2008, 22:29:50: K Hello, KES. K You wrote on 30 December 2008, 21:47:40: K Hello, Questions. K 1 allow all from any to any via rl0 K 2 allow all from any to any via rl1 K 109 skipto 110 tcp from any to any 80 in recv $iface #split

Re: removing ipfw rules

2007-12-28 Thread Ian Smith
On Fri, 28 Dec 2007 02:21:54 +0200 Giorgos Keramidas [EMAIL PROTECTED] wrote: On 2007-12-27 15:47, Noah [EMAIL PROTECTED] wrote: Hi, I have two ipfw rules that I want to remove. They are viewable with the ipfw show command --- snip --- 06600 0 0 allow ip

removing ipfw rules

2007-12-27 Thread Noah
Hi, I have two ipfw rules that I want to remove. They are viewable with the ipfw show command --- snip --- 06600 0 0 allow ip from any to any proto tcp src-ip 66.66.66.66 dst-port 22 06700 0 0 allow ip from any to any proto tcp src-ip 66.66.66.66 dst-port 22

Re: removing ipfw rules

2007-12-27 Thread Giorgos Keramidas
On 2007-12-27 15:47, Noah [EMAIL PROTECTED] wrote: Hi, I have two ipfw rules that I want to remove. They are viewable with the ipfw show command --- snip --- 06600 0 0 allow ip from any to any proto tcp src-ip 66.66.66.66 dst-port 22 06700 0 0 allow ip from

Re: removing ipfw rules

2007-12-27 Thread Noah
thanks for the response. I was looking for awk to do some of the parsing like this: /sbin/ipfw list | grep '%IP%' | awk '{ print "ipfw -q delete " $1 }' | sh cheers, Noah ___ freebsd-questions@freebsd.org mailing list

Re: ipfw rules for all interfaces not working ...

2007-12-18 Thread Nikos Vassiliadis
On Monday 17 December 2007 19:06:29 Gore Jarold wrote: My main goal is to lock down my ipfw rules so that when I run nmap, all I see is: Interesting ports on 192.168.0.10: Not shown: 1677 closed ports PORT STATE SERVICE 22/tcp open ssh MAC Address: 00:12:D8:A2:23:C2 Nmap finished: 1

ipfw rules for all interfaces not working ...

2007-12-17 Thread Gore Jarold
My main goal is to lock down my ipfw rules so that when I run nmap, all I see is: Interesting ports on 192.168.0.10: Not shown: 1677 closed ports PORT STATE SERVICE 22/tcp open ssh MAC Address: 00:12:D8:A2:23:C2 Nmap finished: 1 IP address (1 host up) scanned in 9.791 seconds So

Re: IPFW Rules and Games

2007-11-04 Thread Jack Barnett
[EMAIL PROTECTED] wrote: So basically the ruleset should be simple: ipfw -f flush # allow lo0 stuff # block some spoofs/attacks # if you are hosting gameservers from 192.168.17.3 or whatever, # you should (manually) open server ports, in other words, add # routes to 192.168.17.3 to specific

Re: IPFW Rules and Games

2007-11-04 Thread deeptech71
Jack Barnett wrote: [EMAIL PROTECTED] wrote: So basically the ruleset should be simple: ipfw -f flush # allow lo0 stuff # block some spoofs/attacks # if you are hosting gameservers from 192.168.17.3 or whatever, # you should (manually) open server ports, in other words, add # routes to

IPFW Rules and Games

2007-11-02 Thread Jack Barnett
Lots of people play games here and basically a pain to keep trying to get these stupid things to work with individual rules for each. I'm running FreeBSD 6.x with IPFW/natd I get a dynamic IP from my ISP and the internal nic is 192.168.17.1 Everything inside the network is 192.168.17.xxx

Re: IPFW Rules and Games

2007-11-02 Thread Jack Barnett
Bob Hall wrote: On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote: I added this for a temporary fix: ${fwcmd} add pass all from any to any I don't think that is the right answer; That allows too much in? Yes. I've tried these per the docs: ${fwcmd} add allow

Re: IPFW Rules and Games

2007-11-02 Thread Jack Barnett
Jack Barnett wrote: Bob Hall wrote: On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote: I added this for a temporary fix: ${fwcmd} add pass all from any to any I don't think that is the right answer; That allows too much in? Yes. I've tried these per the docs:

Re: IPFW Rules and Games

2007-11-02 Thread Jack Barnett
Jack Barnett wrote: Jack Barnett wrote: Jack Barnett wrote: Bob Hall wrote: On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote: I added this for a temporary fix: ${fwcmd} add pass all from any to any I don't think that is the right answer; That allows too much in?

Re: IPFW Rules and Games

2007-11-02 Thread RW
On Fri, 02 Nov 2007 04:59:27 -0500 Jack Barnett [EMAIL PROTECTED] wrote: Lots of people play games here and basically a pain to keep trying to get these stupid things to work with individual rules for each. I'm running FreeBSD 6.x with IPFW/natd I get a dynamic IP from my ISP and the

Re: IPFW Rules and Games

2007-11-02 Thread Jack Barnett
RW wrote: On Fri, 02 Nov 2007 04:59:27 -0500 Jack Barnett [EMAIL PROTECTED] wrote: Lots of people play games here and basically a pain to keep trying to get these stupid things to work with individual rules for each. I'm running FreeBSD 6.x with IPFW/natd I get a dynamic IP from my

Re: IPFW Rules and Games

2007-11-02 Thread Bob Hall
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote: I added this for a temporary fix: ${fwcmd} add pass all from any to any I don't think that is the right answer; That allows too much in? Yes. I've tried these per the docs: ${fwcmd} add allow all from any to any out via

Re: IPFW Rules and Games

2007-11-02 Thread Jack Barnett
Jack Barnett wrote: Jack Barnett wrote: Bob Hall wrote: On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote: I added this for a temporary fix: ${fwcmd} add pass all from any to any I don't think that is the right answer; That allows too much in? Yes. I've

Re: IPFW Rules and Games

2007-11-02 Thread deeptech71
Hi, Jack, let's see. Jack Barnett wrote: Lots of people play games here and basically a pain to keep trying to get these stupid things to work with individual rules for each. I'm running FreeBSD 6.x with IPFW/natd I get a dynamic IP from my ISP and the internal nic is 192.168.17.1

Re: IPFW Rules and Games

2007-11-02 Thread Bob Hall
On Fri, Nov 02, 2007 at 10:59:04PM +0100, [EMAIL PROTECTED] wrote: onet=`ifconfig xl0 | grep inet | awk '{print $6}'` I'm not sure about this. Isn't the sixth word the broadcast address (ending with .255)? It's correct. I've been using this in my firewall file since FBSD 4.something.

Re: how many IPFW rules?

2007-10-31 Thread Dan Nelson
In the last episode (Oct 30), eBoundHost: Artur said: Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them into

Re: how many IPFW rules?

2007-10-31 Thread eBoundHost: Artur
-questions@freebsd.org Sent: Oct 30, 2007 23:36 Subject: Re: how many IPFW rules? In the last episode (Oct 30), eBoundHost: Artur said: Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail

Re: how many IPFW rules?

2007-10-31 Thread Nikos Vassiliadis
On Tuesday 30 October 2007 22:57:31 eBoundHost: Artur wrote: Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them

how many IPFW rules?

2007-10-30 Thread eBoundHost: Artur
Hello FreeBSD people! I have a smtp server under attack by what seems like a large botnet. My inetd is choking under the load and not allowing real mail through. I've successfully used tshark to find the offenders and put them into ipfw firewall for port 25. So here is my question, I'm

RE: Please Help with Confusion about ipfw rules.

2007-07-27 Thread fbsd2
I use the sample ipfw rules with keep state as shown in the handbook firewall section. People on this list don't have ESP so they can't read your mind about what rules you have coded. Posting your ipfw rule set will go a long way to getting a response from readers of this list. That being said I

Please Help with Confusion about ipfw rules. Solved.

2007-07-27 Thread Martin McCormick
fbsd2 writes: I use the sample ipfw rules with keep state as shown in the handbook they do work fine. They just aren't meant for the kind of load they were under. I needed to know how to get the same functionality by other means. If you use the keep-state directive, high traffic can

Please Help with Confusion about ipfw rules.

2007-07-26 Thread Martin McCormick
This is a situation where I thought I knew more than I actually do. I set up a new domain name server with a client-type firewall after having tested it first, but there is nothing like hundreds of thousands of packets per hour to show the weak spots. I made the mistake of setting

Re: ipfw rules

2006-12-21 Thread Jurjen Middendorp
Ok, i changed my original rules. I'm going to use both the ruleset you recommended and these ones (not at the same time though :). And see which one gives me the least trouble. greetings, jurjen. #!/bin/sh ipfw -q flush cmd="ipfw -q add" ks=keep-state oif=ath0 #sort in and out packets $cmd

Re: ipfw rules

2006-12-20 Thread Jurjen Middendorp
Cool! thanks for the reply + suggestions! I haven't had any trouble with my firewall blocking too much yet (also didn't connect to the internet much yet :), but i'll think about just allowing all out... on the other hand i like the idea of just letting through out that i need (which isn't very

Re: ipfw rules

2006-12-18 Thread Giorgos Keramidas
On 2006-12-16 18:01, Jurjen Middendorp [EMAIL PROTECTED] wrote: I posted this to the freebsd-security list, but i believe that is not the right list to this question (sorry! this is my first message to the freebsd mailing-lists). I hope this is the right list! :) anyway: I tried making a

ipfw rules

2006-12-16 Thread Jurjen Middendorp
I posted this to the freebsd-security list, but i believe that is not the right list to this question (sorry! this is my first message to the freebsd mailing-lists). I hope this is the right list! :) anyway: I tried making a firewall for my laptop..but i'm not sure if i forgot anything. And

Sanity-check for my (working) ipfw rules please...

2006-07-10 Thread Ensel Sharon
above all of my bad-behavior lines ? That is, by allowing all established, is it possible that some of those bad tcp packets could be let in before they hit my bad-behavior block of ipfw rules ? Or are all of those bad behaviors inconsistent with being an established tcp session ? Second

Re: Sanity-check for my (working) ipfw rules please...

2006-07-10 Thread Chuck Swiger
Ensel Sharon wrote: [ ... ] Two questions: is it appropriate to have line 01000 above all of my bad-behavior lines ? established means ACK and not SYN, basically. Your bad behavior rules wouldn't really match anything which matches established, but it's probably better to block known-bad

Re: Sanity-check for my (working) ipfw rules please...

2006-07-10 Thread Nick Withers
that some of those bad tcp packets could be let in before they hit my bad-behavior block of ipfw rules ? Or are all of those bad behaviors inconsistent with being an established tcp session ? As Chuck Swiger pointed out in an earlier reply, you're probably better off moving the rule down

Re: Sanity-check for my (working) ipfw rules please...

2006-07-10 Thread Nick Withers
On Tue, 11 Jul 2006 13:16:21 +1000 Nick Withers [EMAIL PROTECTED] wrote: On Mon, 10 Jul 2006 18:38:51 -0400 (EDT) Ensel Sharon [EMAIL PROTECTED] wrote: My individual hosts have a set of firewall rules on each of them that looks like this: (snip) Second, are there any other

Dummynet with Dynamic IPFW Rules

2006-02-25 Thread RW
I've been looking into using Dummynet for outgoing traffic, and I've found it hard going because the tutorials and how-to's deal with it in isolation, without indicating how it would be used in a real firewall. They generally suggest setting net.inet.ip.fw.one_pass=1, which as I understand

Re: help needed for ipfw rules

2005-10-04 Thread Alex de Kruijff
On Mon, Sep 26, 2005 at 05:26:12PM +0300, Ertan Kucukoglu wrote: Hi, I have a problem blocking foreign intruders for specific ports in ipfw. One of my friends have 4.X-Stable running in production for proxy, e-mail, virus etc. Server also have natd and ipfw installed on it. We have

help needed for ipfw rules

2005-09-26 Thread Ertan Kucukoglu
Hi, I have a problem blocking foreign intruders for specific ports in ipfw. One of my friends have 4.X-Stable running in production for proxy, e-mail, virus etc. Server also have natd and ipfw installed on it. We have following rule set. - 00050 2132 1212881 divert 8668 ip from any to

Effective ipfw rules for blocking MSN Messenger ... ?

2004-12-23 Thread Marc G. Fournier
I just setup a FreeBSD box for a router, so that I could make use of ipfw to block MSN Messenger traffic ... but I'm having a bugger of a time finding a definitive list of what needs to be blocked :( MSN Messenger appears to be smart enough to go *around* the usual port 1863 and onto port 80

RE: Effective ipfw rules for blocking MSN Messenger ... ?

2004-12-23 Thread Tom Connolly
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Swiger Sent: Thursday, December 23, 2004 3:33 PM To: Marc G. Fournier Cc: freebsd-questions@freebsd.org Subject: Re: Effective ipfw rules for blocking MSN Messenger ... ? Marc G. Fournier wrote: I

Re: Are 4 IPFW rules enough?

2004-07-24 Thread Kevin D. Kinsey, DaleCo, S.P.
Kevin Curran wrote: I have a cable modem and I'm using 4.9 as a NAT router for my home network. I have 4 rules in my ipfw config. The first enables NAT and the last is 65000 allow any to any. In between I have 2 rules to deny access to ports 53 and 110 on the Internet side. That's all. Here's

Are 4 IPFW rules enough?

2004-06-16 Thread Kevin Curran
I have a cable modem and I'm using 4.9 as a NAT router for my home network. I have 4 rules in my ipfw config. The first enables NAT and the last is 65000 allow any to any. In between I have 2 rules to deny access to ports 53 and 110 on the Internet side. That's all. Here's my thinking: I use

Re: Are 4 IPFW rules enough?

2004-06-16 Thread Bill Moran
Kevin Curran [EMAIL PROTECTED] wrote: I have a cable modem and I'm using 4.9 as a NAT router for my home network. I have 4 rules in my ipfw config. The first enables NAT and the last is 65000 allow any to any. In between I have 2 rules to deny access to ports 53 and 110 on the Internet

RE: Are 4 IPFW rules enough?

2004-06-16 Thread fbsd_user
and learn about all your FBSD firewall options -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kevin Curran Sent: Monday, June 14, 2004 9:12 PM To: [EMAIL PROTECTED] Subject: Are 4 IPFW rules enough? I have a cable modem and I'm using 4.9 as a NAT router for my

RE: does NATd _prevent_ use of stateful ipfw rules w/ keep-state?

2004-06-09 Thread Thomas Wolf
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas Wolf Sent: Thursday, June 03, 2004 3:00 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: does NATd _prevent_ use of stateful ipfw rules w/ keep-state? JJB [EMAIL PROTECTED] wrote: Where do you get off calling my

RE: does NATd _prevent_ use of stateful ipfw rules w/ keep-state?

2004-06-08 Thread JJB
Of Thomas Wolf Sent: Thursday, June 03, 2004 3:00 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: does NATd _prevent_ use of stateful ipfw rules w/ keep-state? JJB [EMAIL PROTECTED] wrote: Where do you get off calling my questioning of Luigi Rizzo's answer as an attack. I have heard

Re: ipfw rules

2004-03-04 Thread Jonathan Arnold
RYAN vAN GINNEKEN wrote: I know this has probably been posted 1000's of times but i would like to set up a ipfw firewall i run many services on this machine. It acts as a gateway for my network APACHE web server IMAP mail server SMTP mail server BIND name server FTP server also i would like to

ipfw rules

2004-03-03 Thread RYAN vAN GINNEKEN
I know this has probably been posted 1000's of times but i would like to set up a ipfw firewall i run many services on this machine. It acts as a gateway for my network APACHE web server IMAP mail server SMTP mail server BIND name server FTP server also i would like to be able to forward

Re: ipfw rules

2004-03-03 Thread Danny Pansters
On Thursday 04 March 2004 01:42, RYAN vAN GINNEKEN wrote: I know this has probably been posted 1000's of times but i would like to set up a ipfw firewall i run many services on this machine. It acts as a gateway for my network APACHE web server 80/TCP and perhaps 443/TCP IMAP mail server

Re: IPFW rules

2004-02-19 Thread Alex de Kruijff
Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/ On Tue, Feb 17, 2004 at 08:46:09PM -0800, Saint Aardvark the Carpeted wrote: Peter Rosa disturbed my sleep to write: please what's the difference between this ipfw rules: ${fwcmd} add 63000 deny

IPFW rules

2004-02-17 Thread Peter Rosa
Hi all, please what's the difference between this ipfw rules: ${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif} and ${fwcmd} add deny all from any to 255.255.255.255 It seems similar, but I think it is not. Both should stop broadcasts. Peter Rosa

Re: IPFW rules

2004-02-17 Thread Saint Aardvark the Carpeted
Peter Rosa disturbed my sleep to write: please what's the difference between this ipfw rules: ${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif} This denies broadcasts coming in to your machine through the outside interface. The rule number is specified here, and it's

slow ipfw rules

2004-02-09 Thread Wayne Swart
Hello everyone I have a nat box with a default to deny ruleset, but whenever i ftp through it i get a transfer rate of + - 3kb/s (over lan) Below are what i have in my firewall script: ipfw disable firewall ipfw -f flush int_if=fxp0 ext_if=rl0 # IPFW Count Rules for MRTG ipfw add 10001 count

ipfw rules help.

2004-02-04 Thread Marwan Sultan
Hello everyone. I'm on FreeBSD 4.8R, NATd, ipfw enabled, everything working fine. my box is behind a DSL modem router and clients behind the FreeBSD. My LAN is C class IPs. I compiled ipfw to accept by default. This is my ipfw list: 00050 divert 8668 ip from any to any via

Re: ipfw rules help.

2004-02-04 Thread Saint Aardvark the Carpeted
Marwan Sultan disturbed my sleep to write: I compiled ipfw to accept by default. This is my ipfw list: 00050 divert 8668 ip from any to any via rl0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 65000 allow ip

Re: ipfw rules help.

2004-02-04 Thread Joe Lewis
Marwan Sultan wrote: a) let's say I want to deny everything except a range of IPs starting from 192.168.1.1 to 192.168.1.50. what rule set should be? how to set range of IPs? to pass and deny rest of the C class. FreeBSD Doc's does not cover this? or i did not see.! I would set

NAT and IPFW rules

2004-02-02 Thread Eugene Panchenko
Hallo! Out from reading the manpage for natd, I have a question about how to restrict IPFW access for NAT for the case when I have one computer connected directly to another one (having two NICs installed into it)? That means that I don't have to care about big private network, but rather want

RE: NAT and IPFW rules

2004-02-02 Thread JJB
] [mailto:[EMAIL PROTECTED] Behalf Of Eugene Panchenko Sent: Sunday, February 01, 2004 11:15 AM To: [EMAIL PROTECTED] Subject: NAT and IPFW rules Hallo! Out from reading the manpage for natd, I have a question about how to restrict IPFW access for NAT for the case when I have one computer

ipfw rules for letting ssh requests in

2004-01-18 Thread Andrew L. Gould
I can't seem to get the ipfw rules right for letting ssh clients access a ssh server. I can use ssh on the server to connect to the client; but if I try to connect from the client to the server, the operation times out. I have my rules in /etc/ipfw.rules. Executing 'ipfw show' displays all

Re: ipfw rules for letting ssh requests in

2004-01-18 Thread Daan Vreeken [PA4DAN]
On Monday 19 January 2004 00:47, Andrew L. Gould wrote: I can't seem to get the ipfw rules right for letting ssh clients access a ssh server. I can use ssh on the server to connect to the client; but if I try to connect from the client to the server, the operation times out. I have my rules

Re: ipfw rules for letting ssh requests in

2004-01-18 Thread Andrew L. Gould
On Sunday 18 January 2004 05:53 pm, Daan Vreeken [PA4DAN] wrote: On Monday 19 January 2004 00:47, Andrew L. Gould wrote: I can't seem to get the ipfw rules right for letting ssh clients access a ssh server. I can use ssh on the server to connect to the client; but if I try to connect from

Re: ipfw rules for letting ssh requests in

2004-01-18 Thread Andrew L. Gould
Does portmap have to be enabled to connect to sshd? Thanks, Andrew Gould ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfw rules for letting ssh requests in

2004-01-18 Thread Andrew Boothman
Andrew L. Gould wrote: Does portmap have to be enabled to connect to sshd? No

Re: ipfw rules for letting ssh requests in

2004-01-18 Thread Andrew L. Gould
On Sunday 18 January 2004 05:53 pm, Daan Vreeken [PA4DAN] wrote: You forgot the packets in the other direction... This should do the trick : ${fwcmd} add 00300 allow tcp from any to me 22 ${fwcmd} add 00301 allow tcp from me 22 to any grtz, Daan It worked. Thanks, Andrew Gould

input on ipfw rules

2003-04-05 Thread Robin Ericsson
Hi, I would like to get some input of these rules I'm currently using. I come from a linux/cisco background, so I want to know how bad these are :) mostly my questions are the keep-state stuff. I guess 00235 can go, as I think that one allows all traffic from that specific ip if already connected

Re: input on ipfw rules

2003-04-05 Thread Giorgos Keramidas
On 2003-04-05 21:49, Robin Ericsson [EMAIL PROTECTED] wrote: I would like to get some input of these rules I'm currently using. I come from a linux/cisco background, so I want to know how bad these are :) mostly my questions are the keep-state stuff. I guess 00235 can go, as I think that one

ipfw rules

2003-03-21 Thread Brian Henning
Greetings, This is what i came up with for my network after reviewing some docs and talking with some people. i want to run it by you all before i implemented because i want it to be secure before i open up my internal network to the outside world. what do you think of my ipfw rules? do

please comment on my nat/ipfw rules (resent)

2003-01-31 Thread Redmond Militante
icmptypes 11 in add 00600 deny log ip from any to any #--- end ipfw.rules ---# -snip-- any comments on how i could improve this set of ipfw rules to better secure my internal client would be appreciated. thanks again redmond

RE: please comment on my nat/ipfw rules (resent)

2003-01-31 Thread JoeB
PROTECTED] Subject: please comment on my nat/ipfw rules (resent) hi all i have my test machine set up as a gateway box, with ipfw/natd configured on it, set up to filter/redirect packets bound for a client on my internal network. external ip of my internal client is aliased to the outside nic

Re: please comment on my nat/ipfw rules (resent)

2003-01-31 Thread Redmond Militante
with out any solution forthcoming. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Redmond Militante Sent: Friday, January 31, 2003 8:18 AM To: [EMAIL PROTECTED] Subject: please comment on my nat/ipfw rules (resent) hi all i have my test

RE: please comment on my nat/ipfw rules (resent)

2003-01-31 Thread JoeB
Militante Sent: Friday, January 31, 2003 3:37 PM To: JoeB; [EMAIL PROTECTED] Subject: Re: please comment on my nat/ipfw rules (resent) hi you've sold me :) do you have any good online tutorials to recommend for setting up a gateway/firewall/natd machine using ipfilter/ipnat? thanks redmond 1. Your

questions about static ipfw rules

2003-01-22 Thread Stephen D. Kingrea
running 4.7 with firewall, natd enabled kernel. i wish to create firewall rules outside of the rc.firewall script that remain static across reboots. to that end, i created a set (rc.firewall.rules), pointing rc.conf to that set: firewall_enable=YES firewall_type=/etc/rc.firewall.rules

Re: questions about static ipfw rules

2003-01-22 Thread Norbert Koch
Stephen D. Kingrea [EMAIL PROTECTED] writes: firewall_enable=YES firewall_type=/etc/rc.firewall.rules This should be one of client etc, see rc(8) for more information. norbert. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message

Re: questions about static ipfw rules

2003-01-22 Thread Daniel Bye
On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote: running 4.7 with firewall, natd enabled kernel. i wish to create firewall rules outside of the rc.firewall script that remain static across reboots. to that end, i created a set (rc.firewall.rules), pointing rc.conf to that

Re: questions about static ipfw rules

2003-01-22 Thread Daniel Bye
On Wed, Jan 22, 2003 at 03:18:33PM +, Daniel Bye wrote: On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote: running 4.7 with firewall, natd enabled kernel. i wish to create firewall rules outside of the rc.firewall script that remain static across reboots. to that end, i

problems with adding ipfw rules via raw sockets

2003-01-22 Thread Alex
Hi ppl! I need to use direct access to ipfw rules via raw sockets instead of some scripts using ipfw utility. I looked into ipfw sources and made a simple program to test if I could add a simple rule this way. Just rewrote pieces of original code into my program w/out any serious change

Re: questions about static ipfw rules

2003-01-22 Thread Stephen D. Kingrea
On Wed, 22 Jan 2003, Daniel Bye wrote: On Wed, Jan 22, 2003 at 03:18:33PM +, Daniel Bye wrote: On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote: running 4.7 with firewall, natd enabled kernel. i wish to create firewall rules outside of the rc.firewall script that remain

Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]

2002-10-27 Thread D. Penev
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts [EMAIL PROTECTED] To: D. Penev [EMAIL PROTECTED] Cc: FreeBSD Questions [EMAIL PROTECTED] Date: 26 Oct 2002 22:47:48 +0100 Hi, Thanks

Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]

2002-10-27 Thread Stacey Roberts
. Hope this helps. Stacey On Sun, 2002-10-27 at 07:15, D. Penev wrote: On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts [EMAIL PROTECTED] To: D. Penev [EMAIL PROTECTED] Cc: FreeBSD

Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]

2002-10-27 Thread D. Penev
On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote: Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts [EMAIL PROTECTED] To: D. Penev [EMAIL PROTECTED] Cc: FreeBSD Questions [EMAIL PROTECTED] Date: 27 Oct 2002 10:50:47 + Hi, Here's

Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]

2002-10-27 Thread Stacey Roberts
. Cheers! Stacey On Sun, 2002-10-27 at 17:56, D. Penev wrote: On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote: Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts [EMAIL PROTECTED] To: D. Penev [EMAIL PROTECTED] Cc: FreeBSD Questions

Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]

2002-10-26 Thread D. Penev
On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts [EMAIL PROTECTED] To: Andrew Boothman [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], FreeBSD Questions [EMAIL PROTECTED] Date: 21 Oct 2002 19:33

Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]

2002-10-26 Thread Stacey Roberts
in assisting me in resolving this. Thanks On Sat, 2002-10-26 at 22:26, D. Penev wrote: On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] From: Stacey Roberts [EMAIL PROTECTED] To: Andrew Boothman [EMAIL

need help with ipfw rules

2002-10-21 Thread Redmond Militante
/ipfw.rules to ipfw add allow ip from any to any ipfw add allow udp from any to any 53 temporarily, so that i can use the machine, but would like to have a set of basic ipfw rules in place. can anyone tell me where i'm going wrong? i think it's hanging on the bootup process because my ipfw.rules

Re: need help with ipfw rules

2002-10-21 Thread Grant Cooper
- From: Dan Pelleg [EMAIL PROTECTED] To: [EMAIL PROTECTED]; Redmond Militante [EMAIL PROTECTED] Sent: Monday, October 21, 2002 6:16 PM Subject: RE: need help with ipfw rules hi all my apologies, this could get long as i'm including the text of various config files: i've been trying

Re: need help with ipfw rules

2002-10-21 Thread Redmond Militante
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi thanks for responding On Mon, Oct 21, 2002 at 09:16:36PM -0400, Dan Pelleg expatiated with great perspicuity: hi all my apologies, this could get long as i'm including the text of various config files: i've been trying to learn

Re: ipfw rules

2002-10-17 Thread Drew Tomlinson
- Original Message - From: Grant Cooper [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, October 11, 2002 5:10 PM Subject: Re: ipfw rules I am having the same problem. I now just allow ftp from certain IP address's. But doesn't the second rule, # /sbin/upfw

re: ipfw rules

2002-10-11 Thread Toomas Aas
I am able to use cvsup with our firewall. The problem is when actually trying to install the software using the make command since the make command tries to fetch the source tarball from a remote server using ftp. If you have a proxy server running, try putting FETCH_ENV variable into

Re: ipfw rules

2002-10-10 Thread Jack L. Stone
At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote: Could anyone please tell me what ipfw rules need to be set in order to allow software installation through the ports collection? I tried adding a rule to allow ftp outbound and although I can ftp out, I still cannot fetch the source tarball

re: ipfw rules

2002-10-10 Thread tristan11
On Thursday, October 10, 2002, at 03:06 PM, Jack L. Stone wrote: At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote: Could anyone please tell me what ipfw rules need to be set in order to allow software installation through the ports collection? I tried adding a rule to allow ftp outbound