Date:      Thu, 27 Jun 1996 23:35:54 -0700
From:      Poul-Henning Kamp <phk@FreeBSD.ORG>
To:        Nate Williams <nate@mt.sri.com>
Cc:        current@FreeBSD.ORG, alex@FreeBSD.ORG
Subject:   Re: IPFW bugs? 
Message-ID:  <4616.835943754@critter.tfs.com>
In-Reply-To: Your message of "Fri, 28 Jun 1996 00:06:54 MDT." <199606280606.AAA13890@rocky.mt.sri.com> 

In message <199606280606.AAA13890@rocky.mt.sri.com>, Nate Williams writes:
>> > Add "log" to all rules and see which number lets you through.
>> 
>> Ahh, I didn't realize you could 'log' accept rules.  I'll do that.
>
>OK, here's the rule that lets *EVERYTHING* through.
>
># Should be allowing DNS through, which can be either UDP/TCP
>ipfw add  21 pass log all from any 53 to any via $1

Yes, (I just talk(1)'ed Nate).  The current implementation doesn't complain
about "over-specified" rules.  The port number isn't used with "all" as
protocol.

ipfw and the kernel should both complain about such a rule being set.

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
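
Added example, not part of the original message and not ipfw's own code: a small Python check that flags the over-specified rule discussed above, where port numbers are given with "all" as protocol, generalized to any protocol other than tcp or udp. The rule grammar, the action list and the second sample rule are simplified assumptions modeled on the quoted rule.

```python
PORT_PROTOS = {"tcp", "udp"}   # only these protocols carry port numbers
ACTIONS = {"pass", "allow", "accept", "deny", "reject", "count"}  # assumed subset
KEYWORDS = {"to", "via", "in", "out"}  # tokens that end an address/port spec

def parse_rule(line):
    """Parse: ipfw add [N] ACTION [log] PROTO from SRC [PORTS] to DST [PORTS] ..."""
    tok = line.split("#", 1)[0].split()
    if tok[:2] != ["ipfw", "add"]:
        return None                      # comment, blank line or other command
    i, number = 2, None
    if i < len(tok) and tok[i].isdigit():
        number, i = int(tok[i]), i + 1
    if i >= len(tok) or tok[i] not in ACTIONS:
        raise ValueError("expected an action: " + line)
    i += 1
    if i < len(tok) and tok[i] == "log":
        i += 1
    if i + 1 >= len(tok) or tok[i + 1] != "from":
        raise ValueError("expected 'PROTO from': " + line)
    proto, i = tok[i], i + 2

    def endpoint(i):
        # An address, then any tokens up to the next keyword are port specs.
        if i >= len(tok):
            raise ValueError("missing address: " + line)
        ports, j = [], i + 1
        while j < len(tok) and tok[j] not in KEYWORDS:
            ports.append(tok[j])
            j += 1
        return ports, j

    src_ports, i = endpoint(i)
    if i >= len(tok) or tok[i] != "to":
        raise ValueError("expected 'to': " + line)
    dst_ports, i = endpoint(i + 1)
    return {"number": number, "proto": proto,
            "src_ports": src_ports, "dst_ports": dst_ports}

def lint(lines):
    """Return (rule number, message) for rules whose ports would be ignored."""
    findings = []
    for line in lines:
        r = parse_rule(line)
        if r and r["proto"] not in PORT_PROTOS and (r["src_ports"] or r["dst_ports"]):
            ports = ",".join(r["src_ports"] + r["dst_ports"])
            findings.append((r["number"],
                             f"port(s) {ports} given with protocol '{r['proto']}'"))
    return findings

# Rule 21 is the one quoted in the message; rule 22 is constructed for contrast.
SAMPLE = ["# Should be allowing DNS through, which can be either UDP/TCP",
          "ipfw add  21 pass log all from any 53 to any via $1",
          "ipfw add  22 pass log udp from any 53 to any via $1"]
```

Running `lint(SAMPLE)` reports rule 21 only, which is the complaint the message says ipfw and the kernel should raise when such a rule is set.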