Date:      Wed, 27 Aug 2003 14:45:51 +0200
From:      Ruben de Groot <mail23@bzerk.org>
To:        freebsd-questions@freebsd.org
Cc:        Vitali Malicky <life@zone3000.net>
Subject:   Re: Correct syntax for ipfw to allow local traffic?
Message-ID:  <20030827124551.GA56616@ei.bzerk.org>
In-Reply-To: <003601c36c91$2eb13910$2401010a@zone3000.net>
References:  <2676.193.166.135.194.1061983372.squirrel@silakka.nettikala.fi> <003601c36c91$2eb13910$2401010a@zone3000.net>

On Wed, Aug 27, 2003 at 02:48:50PM +0300, Vitali Malicky typed:
> 
> > Hi all,
> Hi!
> 
> >
> > I have
> > 00100 allow ip from any to any via lo0
> > in my firewall script. But although I get lines like
> >
> > silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3914
> >
> > into my messages log. It is just like the firewall although blocks local
> > traffic. What should I add or modify to allow traffic via loopback and/or
> > from and to 127.0.0.1 ?
> 
>  /sbin/ipfw -q add 00001 allow ip from 127.0.0.1 to 127.0.0.1 via lo0

This won't help. He already allows "any to any via lo0".
Anyway, it's not the firewall logging these "Connection attempt to" lines
to /var/log/messages. What happens here is some process tries to make a
connection on a port where no other process is listening. There can be many
reasons for this. If you don't want to see these messages anymore put the
line

net.inet.tcp.log_in_vain=0

in /etc/sysctl.conf

Ruben

> =========
> 
> I usually configure the firewall in /etc/rc.firewall.
> 
> when I modify firewall rules on the remote servers I'm responsible for, first I
> make a copy of rc.firewall, say, rc.firewall.new and make all necessary
> changes in _this_ file, then I run "shutdown -r +5min" and only after that
> I execute /etc/rc.firewall.new
> # nohup /etc/rc.firewall.new &
> if it's alright and I'm still there on the server I just kill the shutdown
> process, if not, the machine reboots with the old rules...
> 
> Best of luck!
> 
> 
> 
> >
> >
> > Regards,
> >
> > Johan Paul
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> 
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
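Added example, not part of the thread: a small sh triage script that separates the kernel's log_in_vain notices ("Connection attempt to ...") from real ipfw deny lines, so that a sysadmin can see which is which before silencing anything. The sample log lines are constructed here (formats follow the message quoted above and the classic "ipfw: NNN Deny ..." syslog output); only the hostname "silakka" and the 127.0.0.1:2000 line come from the thread. Before setting net.inet.tcp.log_in_vain=0, it is worth knowing that these notices are a cheap signal for port scans and for daemons that died, so the targets summary shows where the attempts are going.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Classifies /var/log/messages
# lines so that log_in_vain notices are not mistaken for firewall denies.
# SAMPLE_LOG is constructed; only the 127.0.0.1:2000 line mirrors the thread.

SAMPLE_LOG='Aug 27 14:40:01 silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3914
Aug 27 14:40:02 silakka /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:4048
Aug 27 14:40:03 silakka /kernel: ipfw: 65000 Deny TCP 198.51.100.7:51234 192.0.2.10:22 in via fxp0
Aug 27 14:40:04 silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3915
Aug 27 14:40:05 silakka sshd[123]: Accepted publickey for ruben from 192.0.2.5 port 40000 ssh2'

# classify_line LINE -> prints in_vain, ipfw_deny or other.
# "ipfw: <rule> Deny" is the firewall; "Connection attempt to" is the TCP/UDP
# stack reporting a packet for a port nobody listens on (log_in_vain).
classify_line() {
    case "$1" in
        *'/kernel: ipfw: '*' Deny '*) echo ipfw_deny ;;
        *'/kernel: Connection attempt to '*) echo in_vain ;;
        *) echo other ;;
    esac
}

# count_class CLASS -> number of sample lines that classify as CLASS.
count_class() {
    n=0
    while IFS= read -r line; do
        if [ "$(classify_line "$line")" = "$1" ]; then
            n=$((n + 1))
        fi
    done <<EOF
$SAMPLE_LOG
EOF
    echo "$n"
}

# in_vain_targets -> one line per "PROTO DEST:PORT COUNT", sorted, for the
# log_in_vain notices only; a hot entry usually means a scan or a dead daemon.
in_vain_targets() {
    printf '%s\n' "$SAMPLE_LOG" |
    awk '/Connection attempt to / {
            for (i = 2; i <= NF - 3; i++)
                if ($(i-1) == "attempt" && $i == "to") { key = $(i+1) " " $(i+2); break }
            n[key]++
         }
         END { for (k in n) print k, n[k] }' | sort
}

# Stand-alone run: summary of the constructed sample.
echo "in_vain=$(count_class in_vain) ipfw_deny=$(count_class ipfw_deny) other=$(count_class other)"
in_vain_targets
```

On a live FreeBSD host, feed the script `/var/log/messages` instead of SAMPLE_LOG; a target like 127.0.0.1:2000 being hit repeatedly from 127.0.0.1 points at a local client whose server is not running, which is exactly the case Ruben describes, and is a configuration problem rather than something any ipfw rule can fix.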

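Added example, not part of the thread: Vitali's "schedule a reboot, apply the new rules, cancel the reboot if you can still log in" routine, generalised into a watchdog that rolls back any configuration file unless the change is confirmed in time. The file names (rc.firewall, rc.firewall.new), the timeouts and the use of a file restore in place of shutdown(8) are assumptions made so the pattern can be exercised in a temporary directory; on the real server the rollback action would be the reboot with the old rc.firewall, as described above.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Dead-man's-switch pattern
# for remote configuration changes: install the new file, start a watchdog that
# restores the saved copy after a timeout, and cancel the watchdog only once the
# operator has confirmed they still have access. Paths/timeouts are assumptions.

# stage_change ACTIVE NEW TIMEOUT_SECONDS
#   Saves ACTIVE to ACTIVE.bak, installs NEW over it and starts the watchdog.
stage_change() {
    active=$1; new=$2; timeout=$3
    cp "$active" "$active.bak"
    cp "$new" "$active"
    (
        sleep "$timeout"
        # Still running: nobody confirmed, so restore the previous rules.
        cp "$active.bak" "$active"
    ) >/dev/null 2>&1 &
    WATCHDOG_PID=$!
}

# confirm_change: the operator is still able to log in, keep the new rules.
confirm_change() {
    kill "$WATCHDOG_PID" 2>/dev/null || true
    wait "$WATCHDOG_PID" 2>/dev/null || true
}

# rollback_demo: exercises both outcomes in a temporary directory and prints
# "confirmed=<rules> expired=<rules>" so the result can be checked.
rollback_demo() {
    dir=$(mktemp -d)
    printf 'new rules\n' > "$dir/rc.firewall.new"

    # Path 1: the operator confirms before the watchdog fires -> new rules stay.
    printf 'old rules\n' > "$dir/rc.firewall"
    stage_change "$dir/rc.firewall" "$dir/rc.firewall.new" 1
    confirm_change
    sleep 2
    confirmed=$(cat "$dir/rc.firewall")

    # Path 2: no confirmation (operator locked out) -> old rules come back.
    printf 'old rules\n' > "$dir/rc.firewall"
    stage_change "$dir/rc.firewall" "$dir/rc.firewall.new" 1
    sleep 2
    expired=$(cat "$dir/rc.firewall")

    rm -rf "$dir"
    echo "confirmed=$confirmed expired=$expired"
}

# Stand-alone run.
rollback_demo
```

The important property is the same one Vitali relies on: the safe state is reached by doing nothing, so a lost SSH session after loading a bad rule set cannot leave the machine unreachable. With a real firewall the rollback should also reload the old rules (or reboot), since restoring the file alone does not change the running ruleset.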


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030827124551.GA56616>