From owner-freebsd-questions@FreeBSD.ORG Wed Oct 4 16:35:55 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7016516A4EF for ; Wed, 4 Oct 2006 16:35:55 +0000 (UTC) (envelope-from vdemart1@tin.it) Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9399243D9A for ; Wed, 4 Oct 2006 16:35:10 +0000 (GMT) (envelope-from vdemart1@tin.it) Received: from [10.155.100.8] (87.1.223.248) by vsmtp12.tin.it (7.2.072.1) (authenticated as vdemart1@tin.it) id 451BEC630046D685 for freebsd-questions@freebsd.org; Wed, 4 Oct 2006 18:32:02 +0200 From: vittorio To: freebsd-questions@freebsd.org Date: Wed, 4 Oct 2006 18:32:01 +0000 User-Agent: KMail/1.9.4 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200610041832.02074.vdemart1@tin.it> Subject: ipfw & cups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 16:35:55 -0000 As an IPFW newbye with the following rules I'm unable to use cupsd in the same box where ipfw is running; cups seems to hang endlessly (rule 631 is about the port 631). What ami I missing Ciao Vittorio # ipfw list 00500 check-state 00501 deny tcp from any to any established 00502 deny ip from any to any frag 00503 allow ip from any to any via lo0 00504 deny ip from any to any not verrevpath in 00505 deny ip from any to 127.0.0.0/8 00508 deny ip from 127.0.0.0/8 to any 00590 allow tcp from 10.155.100.0/24 to me dst-port 22,80 via iwi0 setup keep-state 00595 allow tcp from me to any dst-port 22,80,443 via iwi0 setup keep-state 00597 allow ip from me to any dst-port 20,21 out setup keep-state 00601 allow tcp from 10.155.100.0/24 to me dst-port 81,137-139,445 via iwi0 setup keep-state 00602 allow udp from 10.155.100.0/24 to me dst-port 123,81,137,138,139,445 via iwi0 setup keep-state 00603 allow tcp from me to 10.155.100.0/24 dst-port 81,137-139,445 via iwi0 setup keep-state 00604 allow udp from me to 10.155.100.0/24 dst-port 123,81,137,138,139,445 via iwi0 setup keep-state 00605 allow tcp from 10.155.100.0/24 to me dst-port 1024,5432,5900-5909 via iwi0 setup keep-state 00607 allow udp from 10.155.100.0/24 to me dst-port 1024,5432,5900-5909 via iwi0 setup keep-state 00608 allow tcp from any to 10.155.100.33 dst-port 1491 00609 allow tcp from 10.155.100.33 1491 to any 00610 allow tcp from me to any dst-port 53 out via iwi0 keep-state 00612 allow udp from me to any dst-port 53 out via iwi0 keep-state 00631 allow tcp from 10.155.100.0/24 to me dst-port 631 00650 allow tcp from any to any dst-port 25 out via iwi0 setup keep-state 00655 allow tcp from any to any dst-port 110 out via iwi0 setup keep-state 00700 allow icmp from 10.155.100.0/24 to any via iwi0 65535 deny ip from any to any