Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Oct 2006 15:08:07 +1000
From:      Norberto Meijome <freebsd@meijome.net>
To:        freebsd-questions@freebsd.org
Cc:        Vittorio <vdemart1@tin.it>
Subject:   Re: ipfw & cups
Message-ID:  <20061003150807.21598eeb@localhost>
In-Reply-To: <10e099e37d6.vdemart1@tin.it>
References:  <10e099e37d6.vdemart1@tin.it>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Mon, 2 Oct 2006 16:22:13 +0100 (GMT+01:00)
Vittorio <vdemart1@tin.it> wrote:

> To my ipfw firewall I have added, according to what I found in the 
> internet, the following rule to allow the use of cupsd on the same box:
> 
> 00520 allow ip from any to any dst-port 631 in
> 
> to no avail because it 
> is not even checked as you can see below from the log (obtained from 
> kde kcontrol center trying (and failing) to display the connected cups' 
> printers):
> 
> Am I missing something?
> What should I do?
> Ciao
> Vittorio
> ......................................
> NbBSD# ipfw -td list
> 00500                         check-state
> 00501 Mon Oct  2 17:10:13 
> 2006 deny tcp from any to any established
> 00502                         
> deny ip from any to any frag
> 00503 Mon Oct  2 17:10:13 2006 allow ip 
> from any to any via lo0
> 00514                         deny ip from any 
> to any not verrevpath in
> 00520                         allow ip from 
> any to any dst-port 631 in
> 00525                         deny ip from 
> any to 127.0.0.0/8
> .......................................................................
> .......................................................................
> 00609                         allow tcp from 10.155.102.6 1491 to any
> 00610                         allow tcp from me to any dst-port 53 out 
> via fxp0 keep-state
> 00612                         allow udp from me to 
> any dst-port 53 out via fxp0 keep-state
> 00700                         
> allow icmp from 10.155.0.0/16 to any via fxp0
> 65535 Mon Oct  2 17:10:13 
> 2006 deny ip from any to any

can you please send your rules again , making sure there is no dates inserted
all over the place? 
thx
_________________________
{Beto|Norberto|Numard} Meijome

"Throughout the centuries there were [people] who took first steps down new
paths armed only with their own vision." Ayn Rand

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20061003150807.21598eeb>