Date: Sun, 17 Oct 1999 18:55:41 -0400
From: "Francisco Reyes" <fran@reyes.somos.net>
To: "Ken Kyler" <ken@kyler.com>
Cc: "FreeBSD questions" <questions@freebsd.org>
Subject: RE: Firewalls for Morons
Message-ID: <199910172255.SAA24581@sanson.reyes.somos.net>

On Sun, 17 Oct 1999 16:50:04 -0400, Ken Kyler wrote:

>Interesting. I had initially built the kernel with...
>
># added by kyler
>options IPFIREWALL
>options IPDIVERT
>options IPFIREWALL_VERBOSE
>#options IPFIREWALL_DEFAULT_TO_ACCEPT

Those options look ok. Just to be on the safe side why don't you take out
the default_to_accept and re-build the kernel.
The only thing I have which you did not list is

options IPFIREWALL_VERBOSE_LIMIT=50 #Limit verbosity

But that shouldn't be the reason why you are not getting anything logged.
It wouldn't hurt to add it anyway.

>They have to be as everything works fine once I add the rule "ipfw add allow
>all from any to any"

I am running out of suggestions. Try with an "open" firewall. Then add a
rule from a shell

ipfw add ## allow log all from any to any

Make ## a number lower than the existing "allow any to any" rule.
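
Why the rule number matters, as an added example that is not part of the original message: ipfw checks rules in ascending number order and stops at the first allow or deny that matches, so a log rule numbered above the open allow rule is never reached. The rule numbers, the simplified `ipfw list` lines and the helper names `base_rules`, `first_match` and `with_log_rule` are constructed for illustration.

```shell
#!/bin/sh
# Constructed, simplified `ipfw list` output for an "open" firewall.
base_rules() {
cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}

# Read rule lines on stdin, order them by rule number as ipfw does, and print
# "<number> <logged|unlogged>" for the first unconditional any-to-any rule,
# i.e. the rule that decides ordinary traffic on this ruleset.
first_match() {
    sort -n | awk '
        {
            logged = "unlogged"; i = 3
            if ($i == "log") { logged = "logged"; i++ }
            # After the optional "log": proto from any to any, nothing else.
            if (($i == "ip" || $i == "all") && $(i+1) == "from" &&
                $(i+2) == "any" && $(i+3) == "to" && $(i+4) == "any" &&
                NF == i + 4) {
                print $1 + 0, logged
                exit
            }
        }'
}

# Simulate "ipfw add <num> allow log all from any to any" on top of the
# constructed ruleset and report which rule ends up deciding the traffic.
with_log_rule() {
    { base_rules; echo "$1 allow log all from any to any"; } | first_match
}

echo "log rule at 64999 -> decided by: $(with_log_rule 64999)"
echo "log rule at 65100 -> decided by: $(with_log_rule 65100)"
```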