Date:      Sat, 6 May 2000 16:22:21 -0700
From:      Jan Koum <jkb@ethereal.net>
To:        freebsd-net@freebsd.org
Subject:   possible /etc/rc.firewall bug?
Message-ID:  <20000506162221.B45391@ethereal.net>

I just noticed something. If you set up natd and ipfw, you end up with:

# ipfw -a l
00100  677369 166815520 divert 8668 ip from any to any via ed0
00100  397358  45078874 allow ip from any to any via lo0
00200       0         0 deny ip from any to 127.0.0.0/8
65000 1709011 373169093 allow ip from any to any
65535       0         0 deny ip from any to any

Two rules with number 100 -- I suggest moving the divert rule to 50 by changing

  ${fwcmd} add divert natd all from any to any via ${natd_interface}

to:

  ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}


Of course, another way to do this is to remove the #'s from the following rules:
  ${fwcmd} add 100 pass all from any to any via lo0
  ${fwcmd} add 200 deny all from any to 127.0.0.0/8


thanks,

-- yan


p.s. - this is a 4.0 box with rc.firewall:
# $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
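A small POSIX shell check, added here as an illustration and not taken from the mail above or from the FreeBSD tree, that parses `ipfw -a l` output and reports any rule number used more than once; the two sample rulesets are constructed from the listing in the mail, before and after giving the divert rule number 50.

```shell
#!/bin/sh
# Constructed sample mirroring the `ipfw -a l` listing in the mail:
# two rules share number 100 (the unnumbered divert rule was autonumbered).
SAMPLE_RULES='00100  677369 166815520 divert 8668 ip from any to any via ed0
00100  397358  45078874 allow ip from any to any via lo0
00200       0         0 deny ip from any to 127.0.0.0/8
65000 1709011 373169093 allow ip from any to any
65535       0         0 deny ip from any to any'

# Constructed sample of the same ruleset after `add 50 divert natd ...`.
FIXED_RULES='00050  677369 166815520 divert 8668 ip from any to any via ed0
00100  397358  45078874 allow ip from any to any via lo0
00200       0         0 deny ip from any to 127.0.0.0/8
65000 1709011 373169093 allow ip from any to any
65535       0         0 deny ip from any to any'

# Read `ipfw -a l` output on stdin and print each rule number that occurs
# more than once, one per line, sorted. The packet/byte counter columns are
# ignored; only lines that start with a rule number are considered.
find_duplicate_rule_numbers() {
    awk '/^[0-9][0-9]* / { seen[$1]++ }
         END { for (n in seen) if (seen[n] > 1) print n }' | sort
}

# Return 0 when every rule number is unique, 1 otherwise, so the check can
# gate a boot-time sanity script. Duplicate numbers are worth catching because
# `ipfw delete N` removes every rule numbered N, not just the one you meant.
check_ruleset_unique() {
    dups=$(find_duplicate_rule_numbers)
    if [ -n "$dups" ]; then
        printf 'duplicate ipfw rule number(s): %s\n' "$dups" >&2
        return 1
    fi
    return 0
}

# On a live box:  ipfw -a l | check_ruleset_unique
```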

