On 3/10/06, Vladimir [EMAIL PROTECTED] wrote:
FreeBSD 5.4
Specifically, I can't figure out why rule 3800 is ignored... :confused:
ipfw не такой злобный, чтобы брать и игнорить правила :)
Попробуй добавить правило count сразу до или после
игнорируемого правила. Скорей всего таких пакетов
Kenneth W Cochran wrote:
How do I configure ipfw2 for properly forwarding the bittorrent
ports (6881-6889) to the destination machine? Log_in_vain is
natd(8) -redirect_port
ipfw will just forward the packet where as natd will rewrite it
___
Stec John wrote:
I need some help with ipfw2 on my squid box
I have too many dynamic rules errors for dns
Can I insert a dns static rule into my rules (as below) and how?
[ ... ]
# allow DNS,NTP queries out in the world
add pass udp from any 1024-65535 to any 53,123
add pass udp from any
Stec John wrote:
Hi Chuck, are you suggesting to add these dns rules on top of the existing
rules?
Yes.
Can I use allow instead of pass?
Yes, they mean the same thing:
allow Allow packets that match rule. The search terminates.
Aliases are pass,
: Re: ipfw2 - too many dynamic rules
Stec John wrote:
I need some help with ipfw2 on my squid box
I have too many dynamic rules errors for dns
Can I insert a dns static rule into my rules (as below) and how?
[ ... ]
# allow DNS,NTP queries out in the world
add pass udp from any 1024
On 7/1/05, fbsd_user [EMAIL PROTECTED] wrote:
Is there a way in 5.4 ipfw2 to reset/delete/clear a stateful rule's records
in the state table?
Never tried this myself, but probably by temporarily lowering
net.inet.ip.fw.dyn_*_lifetime?
--
Dmitry
We live less by imagination than despite it -
Ben wrote:
I'm sorry, I can't send this to the list because my messages to the list
bounce because reverse DNS isn't set up.
No worries, thanks a lot for answering.
This is funny, I just set this up for the first time yesterday except I
set everything up to have no IP addresses so that the
I hope I am sending this post to the right mailing list !!!
On Mon, 28 Feb 2005 07:06:58 +0200, abu khaled [EMAIL PROTECTED] wrote:
Greetings...
I recently build world and kernel with ipfw support. Can someone
provide examples on how to use these options (verrevpath, versrcreach
and
[EMAIL PROTECTED] wrote:
I have read the man page for ipfw and searched the web looking for examples
of using ipfw2 and the preprocessor option.
Does anybody have any examples?
Try somthing like the following in /etc/rc.conf:
#firewall_type='/etc/MY_firewall'
#firewall_flags='-p /usr/bin/cpp'
Doloonkhuch wrote:
Dear sir,
Now I'm using FreeBSD 5.2.1 release but now I can't compile new
kernel with IPFIREWALL_FORWARD option. Please tell me port forwarding
work or not work on FreeBSD 5.2.1 release. I think maybe IPFIREWALL
options
already included.
Best regards
Doloonkhuch.A
There is
On Mon, Aug 16, 2004 at 06:46:23PM +0200, Stefan Cars wrote:
I'm looking into if I should go with ipfw2 or ipfilter, anyone that could
point me to some links or tell me pro's and con's (both feature and
performance wise).
Unless your running quite a complicated setup or have specific
Matt,
IPFW2 is not compiled into 4.10 by default. At a shell, type man ipfw,
then a single forward slash (to bring up the search tool), then search
for STABLE a couple of times directions are in there
Here it is anyway
USING IPFW2 IN FreeBSD-STABLE
ipfw2 is standard in FreeBSD
On June 28, 2004, Matt [EMAIL PROTECTED] wrote:
Hello freebsd-newbies,
I am still fairly new at the BSD level, migrated from linux. The
question that I have is, is Version 4.10 kernel compiled with IPFW2,
I know the doc's say that CURRENT version has and that it was
implemented in 2002,
On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
I've searched high and low, and have read many times that doing mac
address filtering with ipfw is possible.
I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
have recompiled libalias ipfw with ipfw2 support.
I've
From man ipfw
---
src and dst: {addr | { addr or ... }} [[not] ports]
addr: [not] {any | me | addr-list | addr-set}
addr-set: addr[/masklen]{list}
list: {num | num-num}[,list]
---
I think that it's right:
ipfw 1000 add permit all from 192.168.1.1/24{3,5,9} to any
but I see follwing:
On Tue, Dec 23, 2003 at 08:51:57AM -0500, Lee Dilkie wrote:
I think that it's right:
ipfw 1000 add permit all from 192.168.1.1/24{3,5,9} to any
but I see follwing:
ipfw: bad width ``243''
192.168.1.1/24{3,5,9} translates to 192.168.1.1/243, 192.168.1.1/245 or
192.168.1.1/249.
Uh,
On Mon, Oct 06, 2003 at 11:20:20PM +0200, Artur Pydo wrote:
So, my question is : Is there some incompatabilities between
ipfw2/dummynet and IPFilter or maybe there is a bug somewhere ?
I use ipf for filtering and ipfw2 for dummynet without a problem -
sounds like a problem with the dummynet side
[Redirected to -questions]
On Mon, Sep 22, 2003 at 08:07:13PM +0200, Uwe Klann wrote:
From the Log file IPFW:-
Sep 22 00:24:13 muc /kernel: ipfw: 3300 Accept TCP 217.10.213.30:4418
217.9.121.209:21 in via fxp0
How can I extend on FreeBSD 4.8 (ipfw2) the log contens to see the tranfered
Jason Morgan [EMAIL PROTECTED] writes:
I have a problem with my dynamic IPFW2 rules - they aren't dying. The
system has been up now for 14 days, with it acting as firewall to two
systems inside. One of the systems inside is also running IPFW2, but is
in an open state. Here is the ruleset I am
Kernel firewall settings:
options IPFW2
options IPFIREWALL #Firewall
options IPFIREWALL_VERBOSE #print info about dropped packets
options IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity
options IPV6FIREWALL
options
Please wrap your posts (everything except for computer output),
below 70-80 columns. It's very hard to read otherwise :-/
Micael Ebbmar [EMAIL PROTECTED] wrote:
: Excuse me if I'm posting to the wrong list, I thought at first that
: freebsd-ipfw should be the correct one, but obviously only
:
* Giorgos Keramidas [EMAIL PROTECTED] [021109 23:11]:
Web clients some times cache connections to web servers, hoping to save
some time from avoiding a reconnect for every GET request. Could it be
that your clients thinks that a cached connection is still valid long
after the dynamic ipfw
22 matches
Mail list logo