From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 22 11:02:37 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A336416A4CE for ; Mon, 22 Dec 2003 11:02:37 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08FF143D69 for ; Mon, 22 Dec 2003 11:02:17 -0800 (PST) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.10/8.12.10) with ESMTP id hBMJ1iFR067759 for ; Mon, 22 Dec 2003 11:01:44 -0800 (PST) (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id hBMJ1iug067752 for ipfw@freebsd.org; Mon, 22 Dec 2003 11:01:44 -0800 (PST) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 22 Dec 2003 11:01:44 -0800 (PST) Message-Id: <200312221901.hBMJ1iug067752@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: ipfw@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2003 19:02:37 -0000 Current FreeBSD problem reports Critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/03/23] kern/50216 ipfw kernel panic on 5.0-current when use ipfw 1 problem total. Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2002/12/27] kern/46557 ipfw ipfw pipe show fails with lots of queues o [2003/04/22] kern/51274 ipfw ipfw2 create dynamic rules with parent nu f [2003/04/24] kern/51341 ipfw ipfw rule 'deny icmp from any to any icmp 3 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2001/04/13] kern/26534 ipfw Add an option to ipfw to log gid/uid of w o [2002/12/07] kern/46080 ipfw [PATCH] logamount in ipfw2 does not defau o [2002/12/10] kern/46159 ipfw ipfw dynamic rules lifetime feature o [2002/12/27] kern/46564 ipfw IPFilter and IPFW processing order is not o [2003/02/11] kern/48172 ipfw ipfw does not log size and flags o [2003/03/10] kern/49086 ipfw [patch] Make ipfw2 log to different syslo o [2003/03/12] bin/49959 ipfw ipfw tee port rule skips parsing next rul o [2003/04/09] bin/50749 ipfw ipfw2 incorrectly parses ports and port r o [2003/08/25] kern/55984 ipfw [patch] time based firewalling support fo 9 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 22 12:09:56 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8916C16A4CE; Mon, 22 Dec 2003 12:09:56 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BFB5F43D54; Mon, 22 Dec 2003 12:09:55 -0800 (PST) (envelope-from andre@FreeBSD.org) Received: from freefall.freebsd.org (andre@localhost [127.0.0.1]) hBMK9tFR078483; Mon, 22 Dec 2003 12:09:55 -0800 (PST) (envelope-from andre@freefall.freebsd.org) Received: (from andre@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id hBMK9tTZ078479; Mon, 22 Dec 2003 12:09:55 -0800 (PST) (envelope-from andre) Date: Mon, 22 Dec 2003 12:09:55 -0800 (PST) From: Andre Oppermann Message-Id: <200312222009.hBMK9tTZ078479@freefall.freebsd.org> To: lazykang@hotmail.com, andre@FreeBSD.org, ipfw@FreeBSD.org, andre@FreeBSD.org Subject: Re: kern/50216: kernel panic on 5.0-current when use ipfw2 with dynamic rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2003 20:09:56 -0000 Synopsis: kernel panic on 5.0-current when use ipfw2 with dynamic rules State-Changed-From-To: open->closed State-Changed-By: andre State-Changed-When: Mon Dec 22 12:08:41 PST 2003 State-Changed-Why: Revision 1.40 of netinet/ip_fw2.c fixes this for -CURRENT too. Closing case. Responsible-Changed-From-To: ipfw->andre Responsible-Changed-By: andre Responsible-Changed-When: Mon Dec 22 12:08:41 PST 2003 Responsible-Changed-Why: Revision 1.40 of netinet/ip_fw2.c fixes this for -CURRENT too. Closing case. http://www.freebsd.org/cgi/query-pr.cgi?pr=50216 From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 23 02:55:54 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D833D16A4CE for ; Tue, 23 Dec 2003 02:55:54 -0800 (PST) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id B608743D31 for ; Tue, 23 Dec 2003 02:55:50 -0800 (PST) (envelope-from hugle@vkt.lt) Received: (qmail 23708 invoked by uid 0); 23 Dec 2003 10:51:45 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 0.584648 secs); 23 Dec 2003 10:51:45 -0000 Received: from unknown (HELO 127.0.0.1) (213.252.192.162) by tequila.4you.lt with SMTP; 23 Dec 2003 10:51:45 -0000 Date: Tue, 23 Dec 2003 02:55:10 -0800 From: hugle X-Mailer: The Bat! (v2.01) X-Priority: 3 (Normal) Message-ID: <19235318750.20031223025510@vkt.lt> To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: ipfw forward command? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hugle List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 10:55:55 -0000 Hello. As I understoon, ipfw's forward command goes before ipnat How i can make it go in some other direction (ipnat then ipfw fwd)? cause firstly I'd like to NAT packets and then forward them to needed gateway. But since forward happens before NAT this can't be done, and packets don't get forwarded to needed gw default gw x.x.x.161 ip x.x.x.162 second gw x.x.x.141 ip x.x.x.142 third gw y.y.y.1 ip y.y.y.59 Any ideas? -- Best regards,Hugle From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 23 07:20:38 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F397416A4CE for ; Tue, 23 Dec 2003 07:20:37 -0800 (PST) Received: from ip-213-17-211-16.broker.com.pl (ip-213-17-211-16.broker.com.pl [213.17.211.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 55AB443D7E for ; Tue, 23 Dec 2003 07:20:13 -0800 (PST) (envelope-from zk@wspim.edu.pl) Received: from hhos.serious.ld (localhost.serious.ld [127.0.0.1]) hBNFJVGQ001284 for ; Tue, 23 Dec 2003 16:19:31 +0100 (CET) (envelope-from zk@wspim.edu.pl) Received: (from zk@localhost) by hhos.serious.ld (8.12.9p2/8.12.8/Submit) id hBNFJVf2001283 for freebsd-ipfw@freebsd.org; Tue, 23 Dec 2003 16:19:31 +0100 (CET) Date: Tue, 23 Dec 2003 16:19:31 +0100 From: zk To: freebsd-ipfw@freebsd.org Message-ID: <20031223151931.GC274@hhos.serious.ld> References: <19235318750.20031223025510@vkt.lt> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <19235318750.20031223025510@vkt.lt> User-Agent: Mutt/1.4.1i Subject: Re: ipfw forward command? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 15:20:38 -0000 On Tue, Dec 23, 2003 at 02:55:10AM -0800, hugle wrote: > Hello. > As I understoon, ipfw's forward command goes before ipnat > How i can make it go in some other direction (ipnat then ipfw fwd)? > cause firstly I'd like to NAT packets and then forward them to needed > gateway. But since forward happens before NAT this can't be done, and > packets don't get forwarded to needed gw > default gw x.x.x.161 ip x.x.x.162 > second gw x.x.x.141 ip x.x.x.142 > third gw y.y.y.1 ip y.y.y.59 > > Any ideas? You can use ipfw divert with natd and put it before ipfw fwd. zk From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 23 14:10:10 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4CE616A4CE for ; Tue, 23 Dec 2003 14:10:10 -0800 (PST) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 61AA343D55 for ; Tue, 23 Dec 2003 14:10:09 -0800 (PST) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id BC1CB1FF91D for ; Tue, 23 Dec 2003 23:10:07 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id 393011FF90C; Tue, 23 Dec 2003 23:10:06 +0100 (CET) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id 708FC154D6; Tue, 23 Dec 2003 22:09:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id 66805153EB for ; Tue, 23 Dec 2003 22:09:43 +0000 (UTC) Date: Tue, 23 Dec 2003 22:09:43 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: ipfw@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Subject: Need s.o. for forgotten MfC X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 22:10:10 -0000 Hi, can someone please MfC this (one liner) http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c.diff?r1=1.50&r2=1.51&f=h to 4-STABLE. TIA. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/ From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 23 14:30:17 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4034316A4CE for ; Tue, 23 Dec 2003 14:30:17 -0800 (PST) Received: from skywalker.rogness.net (skywalker.rogness.net [64.251.173.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A15343D39 for ; Tue, 23 Dec 2003 14:30:15 -0800 (PST) (envelope-from nick@rogness.net) Received: from skywalker.rogness.net (localhost.localdomain [127.0.0.1]) by skywalker.rogness.net (8.12.8/8.12.5) with ESMTP id hBNMWUPb010891; Tue, 23 Dec 2003 15:32:30 -0700 (envelope-from nick@rogness.net) Received: from localhost (nick@localhost)hBNMWU5N010887; Tue, 23 Dec 2003 15:32:30 -0700 X-Authentication-Warning: skywalker.rogness.net: nick owned process doing -bs Date: Tue, 23 Dec 2003 15:32:29 -0700 (MST) From: Nick Rogness To: hugle In-Reply-To: <19235318750.20031223025510@vkt.lt> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw forward command? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2003 22:30:17 -0000 On Tue, 23 Dec 2003, hugle wrote: > Hello. > As I understoon, ipfw's forward command goes before ipnat > How i can make it go in some other direction (ipnat then ipfw fwd)? > cause firstly I'd like to NAT packets and then forward them to needed > gateway. But since forward happens before NAT this can't be done, and > packets don't get forwarded to needed gw > default gw x.x.x.161 ip x.x.x.162 > second gw x.x.x.141 ip x.x.x.142 > third gw y.y.y.1 ip y.y.y.59 Any specific reason why you are using ipfw fwd instead of ipf forwarding? -- Nick Rogness - How many people here have telekenetic powers? Raise my hand. -Emo Philips From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 23 22:16:11 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B65DF16A4CE for ; Tue, 23 Dec 2003 22:16:11 -0800 (PST) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id 6ABD943D3F for ; Tue, 23 Dec 2003 22:16:09 -0800 (PST) (envelope-from hugle@vkt.lt) Received: (qmail 70367 invoked by uid 0); 24 Dec 2003 06:11:57 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 0.060525 secs); 24 Dec 2003 06:11:57 -0000 Received: from unknown (HELO 127.0.0.1) (213.252.192.162) by tequila.4you.lt with SMTP; 24 Dec 2003 06:11:57 -0000 Date: Tue, 23 Dec 2003 22:15:25 -0800 From: hugle X-Mailer: The Bat! (v2.01) X-Priority: 3 (Normal) Message-ID: <155304934432.20031223221525@vkt.lt> To: zk , freebsd-ipfw@freebsd.org In-Reply-To: <20031223151931.GC274@hhos.serious.ld> References: <19235318750.20031223025510@vkt.lt> <20031223151931.GC274@hhos.serious.ld> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re[2]: ipfw forward command? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hugle List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2003 06:16:11 -0000 z> On Tue, Dec 23, 2003 at 02:55:10AM -0800, hugle wrote: >> Hello. >> As I understoon, ipfw's forward command goes before ipnat >> How i can make it go in some other direction (ipnat then ipfw fwd)? >> cause firstly I'd like to NAT packets and then forward them to needed >> gateway. But since forward happens before NAT this can't be done, and >> packets don't get forwarded to needed gw >> default gw x.x.x.161 ip x.x.x.162 >> second gw x.x.x.141 ip x.x.x.142 >> third gw y.y.y.1 ip y.y.y.59 >> >> Any ideas? z> You can use ipfw divert with natd and put it before ipfw fwd. I'd like to, but: I need working oidentd daemon, and this daemon doesn't work with natd. So I'm using ipnat. any ideas? Hugle z> zk z> _______________________________________________ z> freebsd-ipfw@freebsd.org mailing list z> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw z> To unsubscribe, send any mail to z> "freebsd-ipfw-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 23 22:39:16 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6DFDB16A4CE for ; Tue, 23 Dec 2003 22:39:16 -0800 (PST) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id 38ED043D2F for ; Tue, 23 Dec 2003 22:39:13 -0800 (PST) (envelope-from hugle@vkt.lt) Received: (qmail 71018 invoked by uid 0); 24 Dec 2003 06:35:02 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 0.176476 secs); 24 Dec 2003 06:35:02 -0000 Received: from unknown (HELO 127.0.0.1) (213.252.192.162) by tequila.4you.lt with SMTP; 24 Dec 2003 06:35:02 -0000 Date: Tue, 23 Dec 2003 22:38:32 -0800 From: hugle X-Mailer: The Bat! (v2.01) X-Priority: 3 (Normal) Message-ID: <119306321256.20031223223832@vkt.lt> To: freebsd-ipfw@freebsd.org In-Reply-To: References: <19235318750.20031223025510@vkt.lt> MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 8bit Subject: Re[2]: ipfw forward command? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hugle List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2003 06:39:16 -0000 NR> On Tue, 23 Dec 2003, hugle wrote: >> Hello. >> As I understoon, ipfw's forward command goes before ipnat >> How i can make it go in some other direction (ipnat then ipfw fwd)? >> cause firstly I'd like to NAT packets and then forward them to needed >> gateway. But since forward happens before NAT this can't be done, and >> packets don't get forwarded to needed gw >> default gw x.x.x.161 ip x.x.x.162 >> second gw x.x.x.141 ip x.x.x.142 >> third gw y.y.y.1 ip y.y.y.59 NR> Any specific reason why you are using ipfw fwd instead of ipf NR> forwarding? Actualy didn't find ipf's forward rule. Could you plz give me an example? I only found redirect in ipant, but it is not what i'm ooking for. Thx, hugle From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 24 02:01:50 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CDA4416A4CE for ; Wed, 24 Dec 2003 02:01:50 -0800 (PST) Received: from nanguo.chalmers.com.au (220-244-9-90-qld.tpgi.com.au [220.244.9.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3CDE343D66 for ; Wed, 24 Dec 2003 02:01:47 -0800 (PST) (envelope-from robert@chalmers.com.au) Received: from carbon (carbon.chalmers.com.au [203.1.96.26]) hBOA1jEH000484 for ; Wed, 24 Dec 2003 20:01:45 +1000 (EST) Message-ID: <002a01c3ca04$f0692b50$1a6001cb@chalmers.com.au> From: "Robert Chalmers" To: Date: Wed, 24 Dec 2003 20:01:45 +1000 Organization: The Mission of Our Lady of Fatima MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Why is this blocking ALL activity? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Robert Chalmers List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2003 10:01:51 -0000 I can't get the List: syntax to work... RC> This works, RC> ${fwcmd} add deny log all from any to 203.1.96.1 in via = ${oif} but this doesn't ${fwcmd} add deny log all from any to = 203.1.96.0/24{6-25,27-154,156-199,204-254} in via ${oif} Can someone tell my what I'm doing wrong please ? I'm trying to block any sort of access to a range of internal IP = addresses. RC> As an example, an address specified as = 1.2.3.4/24{128,35-55,89} RC> will match the following IP addresses: RC> 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 . Thanks Robert --- The Mission of Our Lady of Fatima. http://www.the-mission-of-our-lady-of-fatima.org "I come from Heaven. I am the Lady of The Rosary" From owner-freebsd-ipfw@FreeBSD.ORG Fri Dec 26 13:35:06 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D033616A4CE for ; Fri, 26 Dec 2003 13:35:06 -0800 (PST) Received: from hirsch.in-berlin.de (hirsch.in-berlin.de [192.109.42.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3F1B43D49 for ; Fri, 26 Dec 2003 13:35:03 -0800 (PST) (envelope-from bs@dva.in-berlin.de) X-Envelope-From: bs@dva.in-berlin.de X-Envelope-To: Received: from hirsch.in-berlin.de (localhost [127.0.0.1]) hBQLZ1u4031262 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 26 Dec 2003 22:35:01 +0100 Received: (from uucp@localhost)hBQLZ1hv031258 for freebsd-ipfw@freebsd.org; Fri, 26 Dec 2003 22:35:01 +0100 Received: from dva.intranet.local (dva.intranet.local [10.0.0.10]) by dva.in-berlin.de (Postfix) with ESMTP id 793E628620 for ; Fri, 26 Dec 2003 22:29:55 +0100 (CET) From: Boris Staeblow To: freebsd-ipfw@freebsd.org Date: Fri, 26 Dec 2003 22:29:55 +0100 User-Agent: KMail/1.5.4 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200312262229.55270.bs@dva.in-berlin.de> X-Scanned-By: MIMEDefang 2.38 Subject: need testers for a ipfw rule generation script! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Dec 2003 21:35:07 -0000 Hello, I need some testers for a ipfw rule generation script. Because I have to administer some dialup internet-routers based on FreeBSD I ´ve written this script to simplify the ipfw rule maintainance. Many rules are collected from serval FreeBSD forums, HOWTO´S and man-pages. here is the README: FIRE V1.07, 23 Dec. 2003, first public release ---------------------------------------------- The "fire" script creates a set of ipfw rules dynamically, depending of the settings in the main configuration file. Although this script is flexible, the main target is a single local network with internet-access over an internet-connected device (usually tunX from ppp) - Of course I`m grateful for improvements, as I´m not a firewall and script expert! - Forgive any mistake in writing. - DO NOT TRUST THE RESULTING IPFW-RULES BLINDLY!!! CHECK RULES WITH "ipfw list"! - USE THIS SCRIPT AT YOUR OWN RISK! - Send comments, suggestions and diff´s to bs at dva.in-berlin.de :) download the latest version at http://dva.dyndns.org Boris From owner-freebsd-ipfw@FreeBSD.ORG Fri Dec 26 14:23:42 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11C6B16A4CE for ; Fri, 26 Dec 2003 14:23:42 -0800 (PST) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B97743D31 for ; Fri, 26 Dec 2003 14:23:40 -0800 (PST) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 481821FF90C; Fri, 26 Dec 2003 23:23:38 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id B2CEA1FF931; Fri, 26 Dec 2003 23:23:36 +0100 (CET) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id 4B366154D6; Fri, 26 Dec 2003 22:23:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id 3FF79153EB; Fri, 26 Dec 2003 22:23:28 +0000 (UTC) Date: Fri, 26 Dec 2003 22:23:28 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: Boris Staeblow In-Reply-To: <200312262229.55270.bs@dva.in-berlin.de> Message-ID: References: <200312262229.55270.bs@dva.in-berlin.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de cc: freebsd-ipfw@freebsd.org Subject: Re: need testers for a ipfw rule generation script! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Dec 2003 22:23:42 -0000 On Fri, 26 Dec 2003, Boris Staeblow wrote: > I need some testers for a ipfw rule generation script. > Because I have to administer some dialup internet-routers based on FreeBS= D I > =B4ve > written this script to simplify the ipfw rule maintainance. > Many rules are collected from serval FreeBSD forums, HOWTO=B4S and man-pa= ges. I have just scrolled through this thing with pg_down and did not read it but there are things that always catch one's eye: please write 1000x times[1]: port 136 is neither netbios nor microsoft ! write it like this: 135,137-139,445 [1] the use of scripting languages is permitted ;-))) --=20 Bjoern A. Zeeb=09=09=09=09bzeeb at Zabbadoz dot NeT 56 69 73 69 74=09=09=09=09http://www.zabbadoz.net/ From owner-freebsd-ipfw@FreeBSD.ORG Sat Dec 27 05:00:06 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 115C216A4CE for ; Sat, 27 Dec 2003 05:00:06 -0800 (PST) Received: from hirsch.in-berlin.de (hirsch.in-berlin.de [192.109.42.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0CF3D43D3F for ; Sat, 27 Dec 2003 05:00:04 -0800 (PST) (envelope-from bs@dva.in-berlin.de) X-Envelope-From: bs@dva.in-berlin.de Received: from hirsch.in-berlin.de (localhost [127.0.0.1]) hBRD02al027181 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 27 Dec 2003 14:00:02 +0100 Received: (from uucp@localhost)hBRD02BY027156; Sat, 27 Dec 2003 14:00:02 +0100 Received: from dva.intranet.local (dva.intranet.local [10.0.0.10]) by dva.in-berlin.de (Postfix) with ESMTP id 7862428652; Sat, 27 Dec 2003 13:58:07 +0100 (CET) From: Boris Staeblow To: "Bjoern A. Zeeb" Date: Sat, 27 Dec 2003 13:58:07 +0100 User-Agent: KMail/1.5.4 References: <200312262229.55270.bs@dva.in-berlin.de> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200312271358.07193.bs@dva.in-berlin.de> X-Scanned-By: MIMEDefang 2.38 cc: freebsd-ipfw@freebsd.org Subject: Re: need testers for a ipfw rule generation script! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2003 13:00:06 -0000 On Freitag, 26. Dezember 2003 23:23, Bjoern A. Zeeb wrote: > write it like this: 135,137-139,445 ok, it´s on my todo-list for the next release! Thank you... Boris