Date: Fri, 28 Jun 1996 08:36:28 +0200 (SAT)
From: R Bezuidenhout <rbezuide@mikom.csir.co.za>
To: nate@mt.sri.com (Nate Williams)
Cc: nate@mt.sri.com, phk@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: IPFW bugs?
Message-ID: <199606280636.IAA24844@zibbi.mikom.csir.co.za>
In-Reply-To: <199606280606.AAA13890@rocky.mt.sri.com> from Nate Williams at "Jun 28, 96 00:06:54 am"

Hi all

> > > Add "log" to all rules and see which number lets you through.
> >
> > Ahh, I didn't realize you could 'log' accept rules.  I'll do that.
>
> OK, here's the rule that lets *EVERYTHING* through.
>
> # Should be allowing DNS through, which can be either UDP/TCP
> ipfw add 21 pass log all from any 53 to any via $1

I tried this rule because I haven't seen anything like this before ...

duzi# ipfw list
FireWall chain entries: 128 0
65000 accept all from any to any
65535 deny all from any to any
duzi# ipfw add 21 pass log all from any 53 to any via ed0
00021 accept log all from any 53 to any via ed0
duzi# ipfw list
FireWall chain entries: 192 0
00021 accept log all from any 53 to any via ed0
65000 accept all from any to any
65535 deny all from any to any
duzi# ipfw delete 65000

Connection gone .....

According to this .. it is "seems" :) impossible that rule 21 can
cause *EVERYTHING* to go through !

Another thing .. if you are able to delete the default rule then you
do not "I think" :) have the latest ipfw, user level and kernel.

Are you 0.0.0.0/0 instead of all ???

Bye

>
> But, I get icmp packets, telnet, ftp, etc...
>
> Somehow the '53' port isn't being used at all.
>
>
> Nate
>

--
########################################################################
#                                                                      #
#  Reinier Bezuidenhout          Company: Mikomtek CSIR, ZA            #
#                                                                      #
#  Network Engineer - NetSec development team                          #
#                                                                      #
#  Current Projects: NetSec - Secure Platform firewall system          #
#                    http://www.mikom.csir.co.za                       #
#                                                                      #
#  E-mail: rbezuide@mikom.csir.co.za                                   #
#                                                                      #
########################################################################