Date:      Sun, 15 Feb 2004 03:09:13 +0100
From:      Erik Trulsson <ertr1013@student.uu.se>
To:        Eric F Crist <ecrist@adtechintegrated.com>
Cc:        freebsd-questions@freebsd.org
Subject:    Re: continued IPFW issues... (actually a lack of ability on my part)
Message-ID:  <20040215020913.GA56178@falcon.midgard.homeip.net>
In-Reply-To: <200402142001.13194.ecrist@adtechintegrated.com>
References:  <20040214233615.GB38665@users.munk.nu> <200402141942.38712.ecrist@adtechintegrated.com> <20040215015007.GA53079@falcon.midgard.homeip.net> <200402142001.13194.ecrist@adtechintegrated.com>

On Sat, Feb 14, 2004 at 08:01:07PM -0600, Eric F Crist wrote:
> My bad, I found the log entry after your prodding.  After enabling logging in 
> the ruleset and enabling the sysctl variable, I get the following output in a 
> tail /var/log/security:
> 
> Feb 14 19:59:44 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51598 255.255.255.255:61112 in via dc0
> Feb 14 19:59:45 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0
> Feb 14 19:59:46 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0
> Feb 14 19:59:50 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51599 255.255.255.255:61112 in via dc0
> Feb 14 19:59:55 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0
> Feb 14 19:59:56 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51600 255.255.255.255:61112 in via dc0
> Feb 14 19:59:59 grog kernel: ipfw: 65534 Deny UDP 204.147.80.5:53 63.228.14.241:49152 in via dc0
> Feb 14 20:00:02 grog kernel: ipfw: 65534 Deny UDP 204.147.80.5:53 63.228.14.241:49152 in via dc0
> Feb 14 20:00:02 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51601 255.255.255.255:61112 in via dc0
> Feb 14 20:00:03 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0
> 
> I would assume I need to enable a rule such as:
> 
> ipfw add allow udp from any to me 53
> 
> Is this correct?  TIA


I don't think so.
The entries of the form 'Deny UDP 204.147.80.1:53 63.228.14.241:49152
in via dc0' would appear to be replies to your DNS queries.
They go to the port from which the DNS query was sent (49152 in this
case).

You need to make sure that you allow replies to connections you
initiate to get through.

Take a look at the check-state/established/keepstate stuff people have
repeatedly told you to use. They are probably what you want.



-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se
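To illustrate the point Erik makes, here is an added example (not from the thread or from ipfw itself) that parses the quoted log lines and models what ipfw's check-state/keep-state does: an inbound packet passes only if it is the reverse of a flow the host itself initiated. The recorded outbound DNS queries are constructed assumptions, as is the interface name and the "me" shorthand being taken as 63.228.14.241.

```python
import re
from typing import NamedTuple, Optional

# One ipfw log line as quoted in the thread (mail wrapping joined back up).
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_flow(line: str) -> Optional[Flow]:
    """Extract the 5-tuple from an ipfw 'Deny ...' log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return Flow(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))

def naive_rule_matches(pkt: Flow) -> bool:
    """The rule proposed in the thread, 'allow udp from any to me 53', only matches
    packets whose destination port is 53. DNS replies arrive on the query's
    source port (49152 here), so it never matches them."""
    return pkt.proto == "UDP" and pkt.dport == 53

def check_state(pkt: Flow, dynamic: set) -> bool:
    """Model of 'ipfw add check-state': pass an inbound packet when it is the
    reverse of a flow that an earlier keep-state rule recorded."""
    return Flow(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in dynamic

# Constructed assumption: the outbound queries this host sent, i.e. what a rule
# such as 'allow udp from me to any 53 out via dc0 keep-state' would have recorded.
DYNAMIC = {
    Flow("UDP", "63.228.14.241", 49152, "204.147.80.1", 53),
    Flow("UDP", "63.228.14.241", 49152, "204.127.202.4", 53),
}

# Constructed sample: three of the denied lines quoted in the thread.
DENIED = [
    "Feb 14 19:59:44 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51598 255.255.255.255:61112 in via dc0",
    "Feb 14 19:59:45 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0",
    "Feb 14 19:59:46 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0",
]

def verdicts(lines, dynamic=DYNAMIC) -> dict:
    """Map each parsable log line to 'reply' (check-state would pass it) or 'unsolicited'."""
    out = {}
    for line in lines:
        pkt = parse_flow(line)
        if pkt is not None:
            out[line] = "reply" if check_state(pkt, dynamic) else "unsolicited"
    return out
```

The two port-53 lines come back as replies to the host's own queries, while the 255.255.255.255:61112 broadcast stays unsolicited and is correctly dropped by the default deny.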
