From: "Bob Johnson"
To: michael
Cc: Duane Whitty , bobo1009@mailtest2.eng.ufl.edu, questions@freebsd.org
Date: Mon, 3 Apr 2006 13:47:05 -0400
Subject: Re: ipfw dosn"t want to run a rule ???? is it possible ?

On 4/1/06, michael wrote:
> Thanx for ure answer, u're french is pretty understandable ;-)
>
> I'm really sorry, i don't have subscribe to this mailing list, i was
> trying to send mail to questions@freebsd.org-fr and i've made a mistake,
> and the second mail was for another mailing list (what happened this
> evening ???) but if u're able to help me it's welcome.
>

questions@freebsd.org is a mailing list

> This is my problem (sorry for my bad english):
> I've made a firewall with ipfw on a freebsd 6, i sent the rules (ipfw -a
> -d -t list) and the log
>
> I really don't understand why the packet don't match with the rule.

Sorry I can't reply in French, but from your original posting:

00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state

I don't think there is such a thing as a UDP "setup" packet, so a UDP
"setup" filter will probably never match a packet. It might work as you
expect if you removed "setup" from the UDP packet filters.

- Bob
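
Added example, not part of the original message or of ipfw itself: a small lint for "ipfw list" output that flags TCP-only match options on non-TCP rules, since ipfw(8) documents "setup" as matching TCP packets with SYN set and ACK clear. It goes slightly beyond the message by also checking "established" and "tcpflags"; the function names and the fixed_rules sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag TCP-only ipfw match options used on non-TCP rules.
# Reads "ipfw list" style lines on stdin, prints one finding per suspect
# rule, and returns 1 if anything was flagged (0 otherwise).
lint_ipfw_tcp_only() {
    awk '
    {
        proto = ""; opt = ""
        for (i = 2; i <= NF; i++) {
            # the protocol is the word immediately before "from"
            if ($i == "from" && proto == "") proto = $(i - 1)
            if (opt == "" && ($i == "setup" || $i == "established" || $i == "tcpflags"))
                opt = $i
        }
        if (opt != "" && (proto == "udp" || proto == "icmp")) {
            printf "rule %s: \"%s\" only matches TCP, protocol is %s: never matches\n", $1, opt, proto
            bad = 1
        }
    }
    END { exit bad }'
}

# The four rules quoted in the message (counters 0 0 as posted).
sample_rules() {
    cat <<'EOF'
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
EOF
}

# Constructed: the same rules with "setup" removed from the UDP ones.
fixed_rules() {
    cat <<'EOF'
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 keep-state
EOF
}

echo "posted rules:"; sample_rules | lint_ipfw_tcp_only || true
echo "after fix:";    fixed_rules  | lint_ipfw_tcp_only && echo "  no findings"
```

On a live host the same function can be fed from "ipfw list"; a rule that shows zero counters and is flagged here is a candidate for the problem described in the message.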