Date:      Thu, 24 Oct 2002 09:57:45 +0200
From:      Cristiano Deana <deana@bmm.it>
To:        ipfw@FreeBSD.ORG
Subject:   ipfw2. 
Message-ID:  <200210240951.06541@freecris>

What am I missing?

# uname -sv
FreeBSD FreeBSD 4.7-STABLE #14: Fri Oct 18 15:04:59 CEST 2002

# dmesg | grep ipfw
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to deny, logging limited to 100 packets/entry by default

# ifconfig xl0 | grep inet
        inet 213.144.77.133 netmask 0xffffff80 broadcast 213.144.77.255

# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
10000 allow log icmp from 213.144.77.0/24{199,200,201} to 213.144.77.133
11000 deny log icmp from any to 213.144.77.133
65000 allow ip from any to any
65535 deny ip from any to any

# pinging from 213.144.77.200 to 213.144.77.133

# tail /var/log/security
Oct 24 09:38:58 freecris /kernel: ipfw: 11000 Deny ICMP:8.0 213.144.77.200 213.144.77.133 in via xl0
Oct 24 09:39:12 freecris last message repeated 2 times

# ipfw show | grep icmp
10000          0          0 allow log icmp from 213.144.77.0/24{199,200,201} to 213.144.77.133
11000         33       2772 deny log icmp from any to 213.144.77.133

I think I'm missing some basic rule.
Why didn't ICMP packets coming from 213.144.77.200 match rule #10000?

Thanks in advance,
cris.
