Message-ID: <31D3C997.CA9F25F@fa.tdktca.com>
Date: Fri, 28 Jun 1996 07:01:27 -0500
From: Alex Nash
Organization: TDK Factory Automation
To: nate@mt.sri.com
CC: phk@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: IPFW bugs?
Sender: owner-current@FreeBSD.ORG

> Go re-read it.
>
> I'll repeat the two rules again out of my original email, for the seeing
> impaired.
>
> # Allow SSH/SMTP/DNS/POP3 connections to/from anywhere
> ipfw add 20 pass tcp from any to any 22,25,53,110 via $1
>
> That's the DNS line:
>
> # Allow NTP stuff through
> ipfw add pass all from any 123 to any via $1
> ipfw add pass all from any to any 123 via $1
>
> And there's the NTP line.  No confusion except in your reading of it.

Peace, Nate.  We're all working towards a common goal.  This is what you
posted the first time:

    And, if I add the lines:
    ipfw add pass tcp from any to any 123 via $1
    ipfw add pass udp from any to any 123 via $1
    ipfw add pass icmp from any to any 123 via $1

    I still can't do DNS resolution.  Weird, huh?

> > It's certainly a bug that you have rules with the same number, that
> > looks VERY weird to me, also where was your 65535 block all rule ?
>
> I set them to be the same #.  Should I not?

It's easier from an insertion/deletion standpoint to space them out.  By
default, rules are added with indexes 100 greater than the last index.
Having rules with the same index will not cause the rules to fail in any
way though.

Alex