From: michael <micatod@koproject.org>
Date: Sat, 01 Apr 2006 23:02:45 +0200
To: freebsd-questions@freebsd.org
Subject: ipfw doesn't apply a rule ???? is that possible?
Message-ID: <442EEA75.90401@koproject.org>

Hello,

I have a firewall running FreeBSD 6 with ipfw. I do allow port 53 over UDP and TCP, from anywhere to anywhere, outbound, with rules 20, 21, 22 and 23, but apparently it doesn't take them into account. If I connect to a site by its IP address, it works.

If anyone has an idea... it would help me a lot, I really don't understand what is going on...

Thanks,
Michael.

PS1: rule 450 blocks. But it should not apply, since the packet should match rule 20 and be redirected to 800.
PS2: rule 40 (the following one) is applied correctly: I can browse a site by its IP address.
Here are the logs:

Mar 25 10:24:25 ns0 kernel: ipfw: 450 Deny UDP 82.237.92.40:53 212.27.53.252:53 out via rl0
Mar 25 10:24:25 ns0 kernel: ipfw: 450 Deny UDP 82.237.92.40:53 212.27.54.252:53 out via rl0
Mar 25 10:24:25 ns0 kernel: ipfw: 450 Deny UDP 82.237.92.40:53 212.27.53.252:53 out via rl0
Mar 25 10:24:25 ns0 kernel: ipfw: 450 Deny UDP 82.237.92.40:53 212.27.54.252:53 out via rl0

Here are the rules:

00005 113 21648 Sat Mar 25 10:21:30 2006 allow ip from any to any via rl1
00010 22 2548 Sat Mar 25 10:20:02 2006 allow ip from any to any via lo0
00014 151 17081 Sat Mar 25 10:21:30 2006 divert 8668 ip from any to any in via rl0
00015 0 0 check-state
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
00040 36 11755 Sat Mar 25 10:21:28 2006 skipto 800 tcp from any to any dst-port 80 out via rl0 setup keep-state
00070 0 0 skipto 800 tcp from me to any out via rl0 setup uid root keep-state
00080 3 108 Sat Mar 25 10:19:35 2006 skipto 800 icmp from any to any out via rl0 keep-state
00300 0 0 deny ip from 192.168.0.0/16 to any in via rl0
00301 0 0 deny ip from 172.16.0.0/12 to any in via rl0
00302 0 0 deny ip from 10.0.0.0/8 to any in via rl0
00303 0 0 deny ip from 127.0.0.0/8 to any in via rl0
00304 0 0 deny ip from 0.0.0.0/8 to any in via rl0
00305 0 0 deny ip from 169.254.0.0/16 to any in via rl0
00306 0 0 deny ip from 192.0.2.0/24 to any in via rl0
00307 0 0 deny ip from 204.152.64.0/23 to any in via rl0
00308 0 0 deny ip from 224.0.0.0/3 to any in via rl0
00315 0 0 deny tcp from any to any dst-port 113 in via rl0
00320 0 0 deny tcp from any to any dst-port 137 in via rl0
00321 0 0 deny tcp from any to any dst-port 138 in via rl0
00322 0 0 deny tcp from any to any dst-port 139 in via rl0
00323 0 0 deny tcp from any to any dst-port 81 in via rl0
00330 0 0 deny ip from any to any frag in via rl0
00332 22 4251 Sat Mar 25 10:20:54 2006 deny tcp from any to any established in via rl0
00400 109 5472 Sat Mar 25 10:21:30 2006 deny ip from any to any in via rl0
00450 107 6915 Sat Mar 25 10:21:26 2006 deny log ip from any to any out via rl0
00800 20 4553 Sat Mar 25 10:21:28 2006 divert 8668 ip from any to any out via rl0
00801 39 11863 Sat Mar 25 10:21:28 2006 allow ip from any to any
00999 0 0 deny log ip from any to any
65535 32459 2707961 Sat Mar 25 10:18:57 2006 allow ip from any to any
## Dynamic rules (3):
00040 12 2448 (298s) STATE tcp 192.168.0.12 58076 <-> 216.239.39.104 80
00040 22 9187 (298s) STATE tcp 192.168.0.12 58075 <-> 216.239.39.104 80
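The listing itself explains what the log shows: rules 20 through 23 have zero hits, rule 40 has hits, and the UDP DNS query falls through to the catch-all deny at 450. The reason is the `setup` keyword: per ipfw(8), `setup` is shorthand for `tcpflags syn,!ack`, so a rule that carries it can only ever match a TCP SYN, and a UDP rule with `setup` matches nothing. The rule-40 TCP rule works because an HTTP connection does begin with a SYN. The script below is an added illustration (not the poster's code and not ipfw source): a small first-match evaluator that parses the relevant subset of the posted ruleset, rebuilds the packet from the first log line, and shows that the packet reaches 450 with the rules as posted but reaches 800 once `setup` is dropped from the UDP rules. Everything it models (only the keywords in the quoted rules, divert treated as terminal, no dynamic state) is a simplification chosen for the demonstration; the HTTP SYN packet is constructed to match the dynamic-rule entry for rule 40.

```python
"""Toy model of ipfw first-match rule evaluation for the ruleset quoted above.
Added illustration, not ipfw source: it covers only the keywords those rules use
(proto, from/to, dst-port, in/out, via, log, setup, keep-state) and is stateless.
What matters here is 'setup', which ipfw(8) defines as "tcp flags syn,!ack":
a rule carrying it can match a TCP SYN and nothing else, never a UDP packet."""
from collections import namedtuple
from typing import List, Tuple

Packet = namedtuple("Packet", "proto src dst dport direction iface tcp_flags",
                    defaults=(frozenset(),))        # tcp_flags e.g. {"syn"}
Rule = namedtuple("Rule", "num action target proto src dst dport direction iface setup")
# Rule.target: skipto rule number or divert port, None for allow/deny.

def parse_rule(text: str) -> Rule:
    """Parse one rule as printed by 'ipfw show', counters/timestamps stripped."""
    t = text.split()
    num, action, i = int(t[0]), t[1], 2
    target = None
    if action in ("skipto", "divert"):
        target, i = int(t[i]), i + 1
    if t[i] == "log":                  # e.g. 'deny log ip from any to any ...'
        i += 1
    proto, i = t[i], i + 1
    src, dst, i = t[i + 1], t[i + 3], i + 4     # 'from SRC to DST'
    dport = direction = iface = None
    setup = False
    while i < len(t):
        tok = t[i]
        if tok == "dst-port":
            dport, i = int(t[i + 1]), i + 2
        elif tok in ("in", "out"):
            direction, i = tok, i + 1
        elif tok == "via":
            iface, i = t[i + 1], i + 2
        elif tok == "setup":
            setup, i = True, i + 1
        else:                          # keep-state: dynamic rules are not modelled
            i += 1
    return Rule(num, action, target, proto, src, dst, dport, direction, iface, setup)

def parse_rules(lines: List[str]) -> List[Rule]:
    return sorted(map(parse_rule, lines), key=lambda r: r.num)

def matches(rule: Rule, pkt: Packet) -> bool:
    is_syn = pkt.proto == "tcp" and "syn" in pkt.tcp_flags and "ack" not in pkt.tcp_flags
    if rule.setup and not is_syn:      # 'setup' == tcp flags syn,!ack
        return False
    return (rule.proto in ("ip", pkt.proto)
            and rule.src in ("any", pkt.src) and rule.dst in ("any", pkt.dst)
            and rule.dport in (None, pkt.dport)
            and rule.direction in (None, pkt.direction)
            and rule.iface in (None, pkt.iface))

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """First-match walk: skipto jumps forward, any other match is terminal
    (divert included, which is the "redirected to 800" the post expects)."""
    i = 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, pkt):
            i += 1
        elif r.action == "skipto":
            i = next((j for j, x in enumerate(rules) if x.num >= r.target), len(rules))
        else:
            return r.num, r.action
    return 65535, "allow"              # the default rule at the end of the listing

def packet_from_log(line: str) -> Tuple[int, Packet]:
    """Rebuild the packet from 'ipfw: N Deny PROTO src:port dst:port dir via IF'."""
    f = line.split("ipfw: ", 1)[1].split()
    num, _act, proto, src, dst, direction, _via, iface = f[:8]
    return int(num), Packet(proto.lower(), src.rsplit(":", 1)[0], dst.rsplit(":", 1)[0],
                            int(dst.rsplit(":", 1)[1]), direction, iface)

# Relevant subset of the posted ruleset (rule 21 duplicates 20; 70 and 80 omitted).
RULES_AS_POSTED = [
    "00020 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state",
    "00022 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state",
    "00023 skipto 800 udp from any to any out via rl0 setup keep-state",
    "00040 skipto 800 tcp from any to any dst-port 80 out via rl0 setup keep-state",
    "00450 deny log ip from any to any out via rl0",
    "00800 divert 8668 ip from any to any out via rl0",
    "00801 allow ip from any to any",
]
LOG_LINE = ("Mar 25 10:24:25 ns0 kernel: ipfw: 450 Deny UDP "
            "82.237.92.40:53 212.27.53.252:53 out via rl0")   # first log line of the post
# Constructed HTTP SYN matching the dynamic-rule entry for rule 40 (logs carry no flags).
HTTP_SYN = Packet("tcp", "192.168.0.12", "216.239.39.104", 80, "out", "rl0", frozenset({"syn"}))

def rules_without_setup_on_udp(lines: List[str]) -> List[str]:
    """The fix: 'setup' cannot match UDP, so drop it from the UDP rules."""
    return [l.replace(" setup", "") if " udp " in l else l for l in lines]

if __name__ == "__main__":
    logged, dns = packet_from_log(LOG_LINE)
    posted = parse_rules(RULES_AS_POSTED)
    print("posted rules, DNS query:", evaluate(posted, dns), "(log said", logged, ")")
    print("fixed rules,  DNS query:", evaluate(parse_rules(rules_without_setup_on_udp(RULES_AS_POSTED)), dns))
    print("posted rules, HTTP SYN :", evaluate(posted, HTTP_SYN))
```

Run as-is it reports `(450, 'deny')` for the DNS query under the posted rules, `(800, 'divert')` under the corrected ones, and `(800, 'divert')` for the HTTP SYN under either set, which is exactly the pattern the hit counters and the log show. The same check is worth running against any ipfw ruleset that pairs `setup` with a non-TCP protocol: `ipfw show` counters stuck at zero on such a rule are the tell.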