Date:      Tue, 04 Apr 2006 01:45:03 +0200
From:      michael <micatod@koproject.org>
To:        Bob Johnson <fbsdlists@gmail.com>
Cc:        Duane Whitty <duane@greenmeadow.ca>, bobo1009@mailtest2.eng.ufl.edu, questions@freebsd.org
Subject:   Re: ipfw dosn"t want to run a rule ???? is it possible ?
Message-ID:  <4431B37F.7040306@koproject.org>
In-Reply-To: <54db43990604031047q13aa50ecldac8799c8d7c3a41@mail.gmail.com>
References:  <442EF069.7020105@koproject.org> <442EF841.6040406@greenmeadow.ca>	 <442EFB06.6040808@koproject.org> <54db43990604031047q13aa50ecldac8799c8d7c3a41@mail.gmail.com>

Ok, you're right,

I set up the rules and all is OK, now I have two problems:

First,
I think I'm resolving it... => I want to block a MAC address, so I've found
information that explains the necessary BRIDGE option in the kernel conf
(so I'm compiling a new one at the moment) and later => ipfw add deny
from any to any MAC any xx:xx:xx:xx:xx  ... will work...

Second,
I will block traffic like MSN or other messengers using port 80, and
block sites by filtering their contents, and for that I have no idea how to do that.

So if someone has understood what I'm trying to explain in English...

Thanks for your help

Michael.


Bob Johnson wrote:

>On 4/1/06, michael <micatod@koproject.org> wrote:
>
>>Thanks for your answer, your French is pretty understandable ;-)
>>
>>I'm really sorry, I haven't subscribed to this mailing list, I was
>>trying to send mail to questions@freebsd.org-fr and I made a mistake,
>>and the second mail was for another mailing list (what happened this
>>evening ???) but if you're able to help me it's welcome.
>>
>
>questions@freebsd.org is a mailing list
>
>>This is my problem (sorry for my bad English):
>>I've made a firewall with ipfw on a FreeBSD 6, I sent the rules (ipfw -a
>>-d -t list) and the log
>>
>>I really don't understand why the packet doesn't match the rule.
>>
>
>Sorry I can't reply in French, but from your original posting:
>
>00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
>00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
>00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
>00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
>
>I don't think there is such a thing as a UDP "setup" packet, so a UDP
>"setup" filter will probably never match a packet.  It might work as
>you expect if you removed "setup" from the UDP packet filters.
>
>- Bob
>  
>
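
Added example, not part of the thread and not code from either poster: a small lint for `ipfw list` output that flags the problem Bob describes (a udp rule carrying the TCP-only `setup` option), prints the rule body with `setup` removed, and also reports identical rules such as 20 and 21. The function name, the output format and the sample text are assumptions made for this example; it expects listings without the `-t` timestamp column.

```shell
#!/bin/sh
# Constructed sample in `ipfw -a list` layout (rule number, packet and byte
# counters, rule body), modelled on rules 20-23 quoted in the thread.
SAMPLE_RULES='00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state'

# lint_ipfw_rules (hypothetical helper): reads rule lines on stdin and prints
#   <num> udp-setup: <rule body with "setup" removed>
#   <num> duplicate-of <earlier num>
lint_ipfw_rules() {
    awk '
    {
        # Skip the rule number and any leading numeric counter columns.
        start = 2
        while (start <= NF && $start ~ /^[0-9]+$/) start++
        from = 0; setup = 0; body = ""; fixed = ""
        for (i = start; i <= NF; i++) {
            if ($i == "from" && !from) from = i
            if ($i == "setup" && from) setup = 1
            body = body (i > start ? " " : "") $i
            if (!($i == "setup" && from))
                fixed = fixed (fixed == "" ? "" : " ") $i
        }
        if (!from || from == start) next        # not a proto/from/to rule
        # The token before "from" is the protocol; "setup" tests TCP SYN
        # flags, so on a udp rule the option can never be satisfied.
        if ($(from - 1) == "udp" && setup)
            print $1 " udp-setup: " fixed
        # Identical bodies under different numbers: the later one is redundant.
        if (body in seen) print $1 " duplicate-of " seen[body]
        else seen[body] = $1
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | lint_ipfw_rules
```

On a live firewall the same check can be fed from `ipfw list` or `ipfw -a list`.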



