Date: Mon, 3 Apr 2006 13:47:05 -0400
From: "Bob Johnson" <fbsdlists@gmail.com>
To: michael <micatod@koproject.org>
Cc: Duane Whitty <duane@greenmeadow.ca>, bobo1009@mailtest2.eng.ufl.edu, questions@freebsd.org
Subject: Re: ipfw dosn"t want to run a rule ???? is it possible ?
Message-ID: <54db43990604031047q13aa50ecldac8799c8d7c3a41@mail.gmail.com>
In-Reply-To: <442EFB06.6040808@koproject.org>
References: <442EF069.7020105@koproject.org> <442EF841.6040406@greenmeadow.ca> <442EFB06.6040808@koproject.org>

On 4/1/06, michael <micatod@koproject.org> wrote:
> Thanks for your answer, your French is pretty understandable ;-)
>
> I'm really sorry, I haven't subscribed to this mailing list, I was
> trying to send mail to questions@freebsd.org-fr and I've made a mistake,
> and the second mail was for another mailing list (what happened this
> evening ???) but if you're able to help me it's welcome.
> questions@freebsd.org is a mailing list
> This is my problem (sorry for my bad English):
> I've made a firewall with ipfw on FreeBSD 6, I sent the rules (ipfw -a
> -d -t list) and the log
>
> I really don't understand why the packet doesn't match the rule.

Sorry I can't reply in French, but from your original posting:

00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state

I don't think there is such a thing as a UDP "setup" packet, so a UDP
"setup" filter will probably never match a packet. It might work as you
expect if you removed "setup" from the UDP packet filters.

- Bob
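
The check suggested in the reply above can be automated. This Python sketch is an added example, not part of the original message and not an ipfw tool: it scans `ipfw list` output for rules whose protocol cannot be TCP but which use a TCP-flag option (in ipfw(8), `setup` is shorthand for `tcpflags syn,!ack`). The function name and the choice of which protocol names count as "may be TCP" are assumptions of this example.

```python
import re

# ipfw(8) options that test TCP header flags; a UDP or ICMP packet never matches them.
TCP_ONLY_OPTIONS = {"setup", "established", "tcpflags"}
# Protocol names that can still carry TCP (assumption of this example).
MAY_BE_TCP = {"tcp", "ip", "all", "ip4", "ipv4", "ip6", "ipv6"}

# The four rules quoted in the message: rule number, packet count, byte count, body.
SAMPLE_LISTING = """\
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
"""


def find_dead_tcp_options(listing):
    """Return (rule_number, protocol, option) for every rule that combines a
    non-TCP protocol with a TCP-flag option and so can never match."""
    findings = []
    for line in listing.splitlines():
        tokens = line.split()
        # Only handle simple "NNNNN ... <proto> from <src> to <dst> ..." rules.
        if "from" not in tokens or not re.fullmatch(r"\d+", tokens[0]):
            continue
        idx = tokens.index("from")
        if idx < 2:
            continue
        proto = tokens[idx - 1].lower()
        # Or-blocks such as "{ tcp or udp }" end in "}" and are skipped here.
        if proto in MAY_BE_TCP or proto == "}":
            continue
        for option in tokens[idx + 1:]:
            if option in TCP_ONLY_OPTIONS:
                findings.append((int(tokens[0]), proto, option))
    return findings


if __name__ == "__main__":
    for number, proto, option in find_dead_tcp_options(SAMPLE_LISTING):
        print(f"rule {number:05d}: '{option}' can never match protocol '{proto}'")
```

Zero packet and byte counters on a rule that should be seeing traffic, as in the listing above, are the runtime symptom of the same problem.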