From owner-freebsd-questions@FreeBSD.ORG Thu Mar 3 19:51:23 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DBA3716A4CE for ; Thu, 3 Mar 2005 19:51:22 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BCF643D1D for ; Thu, 3 Mar 2005 19:51:22 +0000 (GMT) (envelope-from subhro.kar@gmail.com) Received: by wproxy.gmail.com with SMTP id 70so618385wra for ; Thu, 03 Mar 2005 11:51:21 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:to:subject:date:mime-version:x-mailer:content-type:in-reply-to:x-mimeole:thread-index:message-id; b=Q+dApeQ9AXCkBzdhx84xcuEPGCuMgzcc+YRbNlOWJLiS0M5GPIY4+TkcEhsaOrdnzoxK+QZSZcJzcmgE98sm9/cgk9wec+r7BPWpNcMbvuuSQ0M6vq349G672NCYkB8Q9X5zIKwu0wgvf6TEqcPdYETJUwkjwjcEAbyWLrURYo8= Received: by 10.54.67.16 with SMTP id p16mr79088wra; Thu, 03 Mar 2005 11:51:20 -0800 (PST) Received: from firebox ([59.93.160.34]) by smtp.gmail.com with ESMTP id g5sm323709wra.2005.03.03.11.51.18; Thu, 03 Mar 2005 11:51:20 -0800 (PST) From: "Subhro" To: "'Paul Schmehl'" , "'FreeBSD questions'" Date: Fri, 4 Mar 2005 01:21:11 +0530 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0000_01C52058.729F4AA0" In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 Thread-Index: AcUgKPkaZ0YVrOCHSwun5kpCfJSdtwAAT2Yw Message-ID: <42276ab8.5a7f85a2.4c2a.3e73@smtp.gmail.com> Subject: RE: ipfw lost its mind? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2005 19:51:23 -0000 This is a multi-part message in MIME format. ------=_NextPart_000_0000_01C52058.729F4AA0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Do you block UDP? I am asking this because, I *used* do a block on all UDP except the DNS port and had exactly the same problem. Regards S. Indian Institute of Information Technology Subhro Sankha Kar Block AQ-13/1, Sector V Salt Lake City PIN 700091 India > -----Original Message----- > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd- > questions@freebsd.org] On Behalf Of Paul Schmehl > Sent: Friday, March 04, 2005 1:09 > To: FreeBSD questions > Subject: Re: ipfw lost its mind? > > --On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger > wrote: > > > > TCP connections are bidirectional, therefore you need to add rules which > > allow traffic from all back to your workstation, or else use keep-state > > and check-state to use dynamic rules.... > > The firewall script already had a rule for that: > allow ip from {server} to any > > The problem wasn't that the firewall was *stopping* legitimate packets. > It > was just *slowing them down* like crazy. Very weird. > > Paul Schmehl (pauls@utdallas.edu) > Adjunct Information Security Officer > The University of Texas at Dallas > AVIEN Founding Member > http://www.utdallas.edu > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" ------=_NextPart_000_0000_01C52058.729F4AA0 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ4TCCAj0w ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF 4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d 6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix 3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR cZQwggNmMIICz6ADAgECAhANi0/uqtIYW/R1ap0p4X/7MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05ODA1MTIwMDAwMDBaFw0wODA1MTIy MzU5NTlaMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNv cnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJ bmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQC7WkSKBBa7Vf0DeootlE8VeDa4DUqyb5xUv7zodyqdufBou5XZMUFweoFL uUgTVi3HCOGEQqvAopKrRFyqQvCCDgLpL/vCO7u+yScKXbawNkIztW5UiE+HSr8Z2vkV6A+Hthzj zMaajn9qJJLj/OBluqexfu/J2zdqyErICQbkmQIDAQABo4G0MIGxMBEGCWCGSAGG+EIBAQQEAwIB BjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2ExLjEuMS5jcmww RwYDVR0gBEAwPjA8BgtghkgBhvhFAQcBATAtMCsGCCsGAQUFBwIBFh93d3cudmVyaXNpZ24uY29t L3JlcG9zaXRvcnkvUlBBMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB AgUAA4GBAEJ8Dt+MeUysvwjsTVUvUImgxV5OLl6VMpt5rWURCxxKUsTVqDEhjt4Qm2wIxQfmA7nn yDR4CQnyvAZC+FqMg9GK3qoi9dnjIdLPZYwGM7DNILIzzQq9PuGdwTWpZLCnpSRb6fFo6xPEfDf0 lGQNmsW9MxfvgzOgPuWqPq7Ycx+tMIIEMjCCA5ugAwIBAgIQOo5O0s00DtVmctud5DTy6zANBgkq hkiG9w0BAQUFADCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWdu IFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEg SW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEg Q0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDAeFw0wNDExMTEw MDAwMDBaFw0wNTA3MTgyMzU5NTlaMIIBEjEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVw b3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNv bmEgTm90IFZhbGlkYXRlZDE0MDIGA1UECxMrRGlnaXRhbCBJRCBDbGFzcyAxIC0gTWljcm9zb2Z0 IEZ1bGwgU2VydmljZTETMBEGA1UEAxQKU3ViaHJvIEthcjEjMCEGCSqGSIb3DQEJARYUc3ViaHJv LmthckBnbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzp0P4Gh5arpymZu4cW FUb1gQ+qcJtb5B788xi2oskigeKdCgj9tiw5VdAW2rXoOO435Ch2mjBylJb49TFDfy636Fw0F5ij VuyIwtVQQANoiMICBZ8MIZyrBSK9/PyoHeITsnIoCucE4qYGkLL3CYzijoU/iZGwAS0iif7H2jJL AgMBAAGjgcswgcgwCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYB BQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwCwYDVR0PBAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMEBggrBgEFBQcDAjAUBgpghkgBhvhFAQYHBAYWBE5vbmUwMwYDVR0fBCwwKjAo oCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vY2xhc3MxLmNybDANBgkqhkiG9w0BAQUFAAOB gQBdijWu576noKjQbr0tQSROebsGab9JvR9rh3t9WagovURLjgi6zX/U6IxUSEXi4ECXtSZtEFpL 6yNUq+/mxEXvG7RX0Pe0T5iULmJxxrzO3Qvnc0UJJHKaYd5F4JD3c6YanGjwx3vDEfDQT8pzxHtb PXp6n18sFnbfiFG0ytSKPjGCBD4wggQ6AgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWdu LmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UE AxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3Qg VmFsaWRhdGVkAhA6jk7SzTQO1WZy253kNPLrMAkGBSsOAwIaBQCgggKyMBgGCSqGSIb3DQEJAzEL BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDMwMzE5NTExMFowIwYJKoZIhvcNAQkEMRYE FCnu/dpEgpbsFcf/2HzEa0MOMeH8MGcGCSqGSIb3DQEJDzFaMFgwCgYIKoZIhvcNAwcwDgYIKoZI hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAcGBSsOAwIa MAoGCCqGSIb3DQIFMIHyBgkrBgEEAYI3EAQxgeQwgeEwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJ bmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNp Z24uY29tL3JlcG9zaXRvcnkvUlBBIEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYD VQQDEz9WZXJpU2lnbiBDbGFzcyAxIENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5v dCBWYWxpZGF0ZWQCEDqOTtLNNA7VZnLbneQ08uswgfQGCyqGSIb3DQEJEAILMYHkoIHhMIHMMRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFG MEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4s TElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1 YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkAhA6jk7SzTQO1WZy253kNPLrMA0GCSqGSIb3 DQEBAQUABIGAAQklaP43W9fWrwF0wevnx/LuBMvrfZDJHaHzQ1O5RdEjE5RERV/jIi9CNWl5bD3n tMHRAuBtZSbF5LoPvQaQbX4Mo+teD8ha+PwwvROHEXhstWZ4406in9gGwykRt5L26md4Lf39zC0L pJ6iZ1y3sinH2wk0RUBJGTjwwdqEKVsAAAAAAAA= ------=_NextPart_000_0000_01C52058.729F4AA0--