On 3/10/06, Vladimir <[EMAIL PROTECTED]> wrote:
> FreeBSD 5.4
>
> Specifically, I can't figure out why rule 3800 is ignored... :confused:
ipfw не такой злобный, чтобы брать и игнорить правила :)
Попробуй добавить правило count сразу до или после
"игнорируемого" правила. Скорей всего таких пакетов
Kenneth W Cochran wrote:
How do I configure ipfw2 for properly forwarding the bittorrent
ports (6881-6889) to the destination machine? Log_in_vain is
natd(8) -redirect_port
ipfw will just forward the packet where as natd will rewrite it
___
freebs
Hi Chuck, are you suggesting to add these dns rules on top of the existing
rules?
Can I use "allow" instead of "pass"?
- Original Message -
From: "Chuck Swiger" <[EMAIL PROTECTED]>
To: "Stec John" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday
Stec John wrote:
Hi Chuck, are you suggesting to add these dns rules on top of the existing
rules?
Yes.
Can I use "allow" instead of "pass"?
Yes, they mean the same thing:
allow Allow packets that match rule. The search terminates.
Aliases are pass, pe
Stec John wrote:
I need some help with ipfw2 on my squid box
I have too many dynamic rules errors for dns
Can I insert a dns static rule into my rules (as below) and how?
[ ... ]
# allow DNS,NTP queries out in the world
add pass udp from any 1024-65535 to any 53,123
add pass udp from any 53,1
On 7/1/05, fbsd_user <[EMAIL PROTECTED]> wrote:
> Is there a way in 5.4 ipfw2 to reset/delete/clear a stateful rule's records
> in the state table?
Never tried this myself, but probably by temporarily lowering
net.inet.ip.fw.dyn_*_lifetime?
--
Dmitry
"We live less by imagination than despite it
Ben wrote:
I'm sorry, I can't send this to the list because my messages to the list
bounce because reverse DNS isn't set up.
No worries, thanks a lot for answering.
This is funny, I just set this up for the first time yesterday except I
set everything up to have no IP addresses so that the
I hope I am sending this post to the right mailing list !!!
On Mon, 28 Feb 2005 07:06:58 +0200, abu khaled <[EMAIL PROTECTED]> wrote:
> Greetings...
>
> I recently build world and kernel with ipfw support. Can someone
> provide examples on how to use these options (verrevpath, versrcreach
> and a
[EMAIL PROTECTED] wrote:
I have read the man page for ipfw and searched the web looking for examples
of using ipfw2 and the preprocessor option.
Does anybody have any examples?
Try somthing like the following in /etc/rc.conf:
#firewall_type='/etc/MY_firewall'
#firewall_flags='-p /usr/bin/cpp'
...an
Doloonkhuch wrote:
Dear sir,
Now I'm using FreeBSD 5.2.1 release but now I can't compile new
kernel with IPFIREWALL_FORWARD option. Please tell me port forwarding
work or not work on FreeBSD 5.2.1 release. I think maybe IPFIREWALL
options
already included.
Best regards
Doloonkhuch.A
There is no
On Mon, Aug 16, 2004 at 06:46:23PM +0200, Stefan Cars wrote:
> I'm looking into if I should go with ipfw2 or ipfilter, anyone that could
> point me to some links or tell me pro's and con's (both feature and
> performance wise).
Unless your running quite a complicated setup or have specific
requir
Matt,
IPFW2 is not compiled into 4.10 by default. At a shell, type "man ipfw",
then a single forward slash (to bring up the search tool), then search
for STABLE a couple of times directions are in there
Here it is anyway
USING IPFW2 IN FreeBSD-STABLE
ipfw2 is standard in FreeBSD CUR
On June 28, 2004, Matt <[EMAIL PROTECTED]> wrote:
Hello freebsd-newbies,
I am still fairly new at the BSD level, migrated from linux. The
question that I have is, is Version 4.10 kernel compiled with IPFW2,
I know the doc's say that CURRENT version has and that it was
implemented in 2002, y
On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
> I've searched high and low, and have read many times that doing mac
> address filtering with ipfw is possible.
>
> I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
> have recompiled libalias & ipfw with ipfw2 support.
>
>
On Tue, Dec 23, 2003 at 08:51:57AM -0500, Lee Dilkie wrote:
> > I think that it's right:
> > ipfw 1000 add permit all from 192.168.1.1/24{3,5,9} to any
> > but I see follwing:
> > ipfw: bad width ``243''
> 192.168.1.1/24{3,5,9} translates to 192.168.1.1/243, 192.168.1.1/245 or
> 192.168.1.1/
> >From man ipfw
> ---
> src and dst: {addr | { addr or ... }} [[not] ports]
> addr: [not] {any | me | addr-list | addr-set}
> addr-set: addr[/masklen]{list}
> list: {num | num-num}[,list]
> ---
>
> I think that it's right:
> ipfw 1000 add permit all from 192.168.1.1/24{3,5,9} to any
> but I see fo
On Mon, Oct 06, 2003 at 11:20:20PM +0200, Artur Pydo wrote:
> So, my question is : Is there some incompatabilities between
> ipfw2/dummynet and IPFilter or maybe there is a bug somewhere ?
I use ipf for filtering and ipfw2 for dummynet without a problem -
sounds like a problem with the dummynet sid
[Redirected to -questions]
On Mon, Sep 22, 2003 at 08:07:13PM +0200, Uwe Klann wrote:
> >From the Log file IPFW:-
> "Sep 22 00:24:13 muc /kernel: ipfw: 3300 Accept TCP 217.10.213.30:4418
> 217.9.121.209:21 in via fxp0"
>
> How can I extend on FreeBSD 4.8 (ipfw2) the log contens to see the tranfer
Quoting Bruce Campbell <[EMAIL PROTECTED]>:
>
>
> With ipfw1 on 4.8 I use this:
>
> ipfw add 10 check-state
> ipfw add 20 allow tcp from xxx.xxx.xxx.0/24 to any keep-state limit src-addr 10
>
> to provide stateful firewalling, and limit the number of simultaneous
> tcp sessions to 10 per client
Jason Morgan <[EMAIL PROTECTED]> writes:
> I have a problem with my dynamic IPFW2 rules - they aren't dying. The
> system has been up now for 14 days, with it acting as firewall to two
> systems inside. One of the systems inside is also running IPFW2, but is
> in an open state. Here is the ruleset
Kernel firewall settings:
options IPFW2
options IPFIREWALL #Firewall
options IPFIREWALL_VERBOSE #print info about dropped packets
options IPFIREWALL_VERBOSE_LIMIT="10" #limit verbosity
options IPV6FIREWALL
options IPV6FIREWALL_VERB
What part is not working? Can you nat through? Perhaps you could add
some logging to see which packets are failing and why.
Do you have the following in the kernel?
optionsIPFIREWALL
optionsIPFIREWALL_VERBOSE
optionsIPDIVERT
Let us know.
Steve
Jason Morgan wrote:
OK, I've read the
On 2002-11-10 00:08, Micael Ebbmar <[EMAIL PROTECTED]> wrote:
> * Giorgos Keramidas <[EMAIL PROTECTED]> [021109 23:11]:
> >
> > Web clients some times cache connections to web servers, hoping to
> > save some time from avoiding a reconnect for every GET request.
> > Could it be that your clients th
* Giorgos Keramidas <[EMAIL PROTECTED]> [021109 23:11]:
>
> Web clients some times cache connections to web servers, hoping to save
> some time from avoiding a reconnect for every GET request. Could it be
> that your clients thinks that a cached connection is still valid long
> after the dynamic
Please wrap your posts (everything except for computer output),
below 70-80 columns. It's very hard to read otherwise :-/
Micael Ebbmar <[EMAIL PROTECTED]> wrote:
: Excuse me if I'm posting to the wrong list, I thought at first that
: freebsd-ipfw should be the correct one, but obviously only
: d
25 matches
Mail list logo