firewall rule(s) for ports and packages

2004-02-06 Thread Chris Nowlin
I'm trying out 5.1 and 5.2, and with each, I utilize IPFW2 for the
firewall. My rules allow passive FTP from the server, but often this
does not seem to cover me when adding ports. To temporarily solve this
(each time with the intention to find the correct solution) I just add a
rule at the top to allow tcp from any to any via any. When the port
install is done, I delete that rule.

This is certainly the way I've had to do it when adding ports inside a
jail - even things that worked from the main server, don't get past the
firewall from inside the jail. I use 'to me' and 'from me' to identify
the server, which only has one network interface. It's listening on two
IPs (after creating the jail, I had to ifconfig an alias for the
interface) but I thought that 'me' would imply any IP address the
interface was listening to.

Surely there is a better way. For the 'me' part I can always have two
rules, one allowing the appropriate traffic for each IP address (instead
of just using 'me') but what about a solution for the quick-fix when
adding ports?

Thanks,
Chris
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: firewall rule(s) for ports and packages

2004-02-06 Thread JJB
The cvsup process uses port 5999
add this rule to

# Allow out FBSD (make install & CVSUP) functions
# Basically give user root "GOD" privileges.
allow tcp from me to any out via $pif setup keep-state uid root

$pif = interface facing the public internet



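The thread above has two ideas in it: Chris's fallback of a temporary "allow tcp from any to any" rule, and JJB's stateful outbound rule keyed on uid root. The script below is an added example (not code from either poster) that takes Chris's own alternative, one explicit stateful rule per host or jail address instead of relying on 'me', and wraps it in a small generator so the ruleset can be reviewed before it is loaded. Everything in it is an assumption for illustration: the interface name em0, the RFC 5737 addresses standing in for the host and the jail alias, and the rule numbering. The function only prints ipfw commands; pipe its output to sh on the firewall host to apply them.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: generate a stateful
# IPFW2 ruleset that lets a host and its jail alias fetch ports/packages
# and run cvsup without a temporary allow-everything rule.
# Interface name and addresses below are placeholders; substitute your own.

# Usage: gen_outbound_rules <public-interface> <addr> [<addr> ...]
gen_outbound_rules() {
    pif="$1"; shift
    cmd="ipfw -q add"
    n=100

    # Loopback stays open; anything claiming to be loopback elsewhere is dropped.
    echo "$cmd $n allow all from any to any via lo0"; n=$((n+10))
    echo "$cmd $n deny all from any to 127.0.0.0/8";  n=$((n+10))
    echo "$cmd $n deny all from 127.0.0.0/8 to any";  n=$((n+10))

    # Let replies to sessions permitted by the keep-state rules back in.
    echo "$cmd $n check-state"; n=$((n+10))

    # One explicit rule per address (host and jail alias alike) instead of
    # 'me', so it is visible exactly which addresses may open connections.
    for addr in "$@"; do
        # TCP: fetching distfiles/packages (HTTP, FTP) and cvsup (port 5999)
        # all start as outbound SYNs; 'setup keep-state' tracks the session.
        echo "$cmd $n allow tcp from $addr to any out via $pif setup keep-state"; n=$((n+10))
        # UDP: DNS lookups for the mirrors, also stateful.
        echo "$cmd $n allow udp from $addr to any 53 out via $pif keep-state";   n=$((n+10))
    done

    # Log and drop the rest, so a blocked fetch shows in the log rather than
    # silently hanging the port build.
    echo "$cmd $n deny log all from any to any"
}

# Number of rules the generator emits for the given arguments (sanity check).
count_rules() { gen_outbound_rules "$@" | wc -l | tr -d ' '; }

# Example with constructed addresses: 192.0.2.10 is the host, 192.0.2.11 the
# jail alias configured on the same interface.
gen_outbound_rules em0 192.0.2.10 192.0.2.11
```

The last rule uses `log` so that, if a port fetch still stalls, the blocked packet and its source address appear in the ipfw log, which is usually enough to tell whether the jail's alias was missed or whether the build is trying something other than TCP/UDP 53 outbound.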