Date:      Sun, 9 Feb 1997 12:43:05 +1100 (EST)
From:      "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To:        Robert Shady <rls@mail.id.net>
Cc:        Julian Elischer <julian@whistle.com>, tiller@connectnet.com, FreeBSD-Questions@freebsd.org, FreeBSD-ISP@freebsd.org
Subject:   Re: Packet filtering help please
Message-ID:  <Pine.BSF.3.91.970209124130.427v-100000@panda.hilink.com.au>
In-Reply-To: <199702090005.TAA06715@server.id.net>

On Sat, 8 Feb 1997, Robert Shady wrote:

> > 
> > add the following code to the rc file 
> > ipfw add 10000  allow ip from all to all
> > ipfw add 1000   deny ip from {his address}
> > 
> > 
> > that should about do it..
> > remember that the default rule is:
> > ipfw add 65536 deny ip from any to any
> > 
> > so you need to add the allow rule above via /etc/rc
> > because you won't be able to get to the box to do it by hand :)
> 
> Also remember that the numbers are the 'rule numbers', they are
> parsed from highest to lowest, and every one must be different.
> In the above example, it starts out like this

No.  The rules are parsed in ascending rule number order.  Rules can have
the same number.  Rules with the same number are parsed in the order they
were added to the system (first come first parsed.)

Danny
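
Added example, not part of the original message and not ipfw's own code: a small Python model of the evaluation order described in the reply above (ascending rule number, equal numbers in the order they were added). It assumes the first matching allow/deny rule decides the packet; the RuleSet class, the rule 2000 pair and all addresses are constructed for illustration.

```python
import bisect
import ipaddress


class RuleSet:
    """Toy model of rule ordering: ascending number, ties by insertion order."""

    def __init__(self):
        self._rules = []  # kept sorted by (rule number, insertion sequence)
        self._seq = 0

    def add(self, number, action, src="any"):
        # The sequence counter breaks ties, so rules sharing a number
        # stay in the order they were added (first come, first parsed).
        bisect.insort(self._rules, (number, self._seq, action, src))
        self._seq += 1

    def listing(self):
        return [(n, a, s) for n, _seq, a, s in self._rules]

    def evaluate(self, src_ip):
        # Assumption: the first matching allow/deny rule ends the search.
        addr = ipaddress.ip_address(src_ip)
        for number, _seq, action, src in self._rules:
            if src == "any" or addr in ipaddress.ip_network(src):
                return number, action
        return None, "deny"  # nothing matched: default deny, as in the thread


def build_thread_ruleset():
    rs = RuleSet()
    # Same order as the quoted rc snippet: the allow rule is added first.
    rs.add(10000, "allow", "any")
    rs.add(1000, "deny", "192.0.2.7")  # constructed stand-in for {his address}
    # Constructed pair sharing one rule number, added allow-then-deny.
    rs.add(2000, "allow", "198.51.100.0/24")
    rs.add(2000, "deny", "198.51.100.0/24")
    return rs


if __name__ == "__main__":
    rs = build_thread_ruleset()
    for entry in rs.listing():
        print(entry)
    for ip in ("192.0.2.7", "203.0.113.5", "198.51.100.9"):
        print(ip, rs.evaluate(ip))
```

Although the allow rule was added first, the blocked address hits rule 1000 before rule 10000, and of the two rules numbered 2000 the one added first is the one that matches.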


