From owner-freebsd-questions Thu Sep 4 05:39:20 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id FAA25010 for questions-outgoing; Thu, 4 Sep 1997 05:39:20 -0700 (PDT)
Received: from badger.tltodd.com (badger.tltodd.com [208.133.92.209]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA25005 for ; Thu, 4 Sep 1997 05:39:15 -0700 (PDT)
Received: (from tlt@localhost) by badger.tltodd.com (8.8.3/8.8.3) id HAA00475 for freebsd-questions@freebsd.org; Thu, 4 Sep 1997 07:38:44 -0500 (CDT)
Date: Thu, 4 Sep 1997 07:38:44 -0500 (CDT)
From: Terry Todd
Message-Id: <199709041238.HAA00475@badger.tltodd.com>
To: freebsd-questions@freebsd.org
Subject: setting up ipfw in 2.1.6
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Thanks for all the replies to my question about disallowing IRC. My daughter spends way too much time on IRC so I now have a way to shut off only IRC at will. She still needs to run netscape etc. etc. to do her homework.

Here are some things I found out in trying to make this work.

I could not get modload to load the ipfw module. It complained about _xxxinit was not defined or some such thing. I browsed LINT and figured out how to just compile it in. After a reboot I was all set.

I had to play with the rules a bit to get that working. Here's what I ended up with in my /etc/ipfw file that works:

    flush
    add 00100 allow all from 127.0.0.1 to 127.0.0.1
    add 00200 deny log tcp from any to any 6667-7000
    add 00300 deny log tcp from any 6667-7000 to any
    add 65534 allow all from any to any

It complained when I had all listed for the protocol. The 200 rule works just fine. I'm not sure I need the 300 rule.

Thanks again,
Terry Todd
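
Added example, not part of the original post and not ipfw's own code: a small first-match model of the ruleset above, showing which rule decides the fate of a few constructed packets. It assumes rules are checked in number order with the first match winning and a default deny at 65535; the sample addresses and source ports are made up.

```python
# Minimal first-match model of the ruleset in the post (added illustration,
# not ipfw itself). Only the fields these rules test are modelled.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "num action proto src sports dst dports")

ANY = None          # wildcard for an address or a port range
IRC = (6667, 7000)  # port range used by rules 200 and 300

# The rules from /etc/ipfw in the post.
RULES = [
    Rule(100, "allow", "all", "127.0.0.1", ANY, "127.0.0.1", ANY),
    Rule(200, "deny", "tcp", ANY, ANY, ANY, IRC),
    Rule(300, "deny", "tcp", ANY, IRC, ANY, ANY),
    Rule(65534, "allow", "all", ANY, ANY, ANY, ANY),
]

def _addr_ok(want, got):
    return want is ANY or want == got

def _port_ok(want, got):
    return want is ANY or want[0] <= got <= want[1]

def matches(rule, pkt):
    return (rule.proto in ("all", pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _port_ok(rule.sports, pkt.sport)
            and _addr_ok(rule.dst, pkt.dst) and _port_ok(rule.dports, pkt.dport))

def evaluate(pkt, rules=RULES):
    """Return (rule number, action) of the first rule that matches pkt."""
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.num, rule.action
    return 65535, "deny"  # assumption: default rule denies

# Constructed sample packets (documentation address ranges).
SAMPLES = {
    "irc client connect": Packet("tcp", "192.0.2.10", 1050, "198.51.100.5", 6667),
    "irc server reply": Packet("tcp", "198.51.100.5", 6667, "192.0.2.10", 1050),
    "web request": Packet("tcp", "192.0.2.10", 1051, "198.51.100.80", 80),
    "dns lookup": Packet("udp", "192.0.2.10", 1052, "198.51.100.53", 53),
    "loopback irc": Packet("tcp", "127.0.0.1", 1053, "127.0.0.1", 6667),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print("%-20s -> rule %5d %s" % ((name,) + evaluate(pkt)))
```

In this model the outbound connect is stopped by rule 200 alone; rule 300 only decides packets whose source port falls in 6667-7000.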