Date:      Tue, 12 Apr 2005 23:55:46 -0400
From:      Parv <parv@pair.com>
To:        Francis Whittington <fewjr@adelphia.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipf.rules
Message-ID:  <20050413035546.GA3683@holestein.holy.cow>
In-Reply-To: <000601c53fc3$e5367090$030a000a@CTU>
References:  <000601c53fc3$e5367090$030a000a@CTU>

in message <000601c53fc3$e5367090$030a000a@CTU>,
wrote Francis Whittington thusly...
>
> # Allow out access to my ISP's DHCP server for cable or DSL networks.
...
> # Use the following rule and check log for IP address.
> # Then put IP address in commented out rule & delete first rule
> pass out log quick on dc0 proto udp from any to any port = 67 keep state
> #pass out quick on dc0 proto udp from any to z.z.z.z port = 67 keep state
> 
> How do I know which ip address I am looking for to put in place of
> "z.z.z.z. port= 67 keep state" in the rule that is saved?

Well, what does the log say, as explicitly indicated in your
supplied comments (marked w/ '#')?

To reiterate, 'z.z.z.z' is the address of your DHCP server.  You
will see it in the log as the (outside) host of which port 67
(bootps) is accessed (probably from address of 255.255.255.255).

(I do not know the default log file for ipf on 5.x; I have set it
manually in /etc/syslog.conf to be "ipf.log" (as the default was not
a special name which would have stood out (in /var/log)).)


  - Parv
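
Added example (not part of the message above and not code from the ipf project): a shell function that reads ipmon log lines produced by the `log` rule, extracts the address contacted on port 67, and prints the narrowed rule. The log layout given in the first comment is an assumption about ipmon's output, the sample lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed ipmon filter-log layout (optionally behind a syslog prefix):
#   TIME IFACE @GROUP:RULE ACTION SRC,SPORT -> DST,DPORT PR PROTO len ... [IN|OUT]

# dhcp_servers IFACE: read log lines on stdin and print, once each, every
# unicast address that a passed outbound UDP packet reached on port 67.
dhcp_servers() {
    awk -v ifc="$1" '
    {
        arrow = 0
        for (i = 5; i < NF; i++) if ($i == "->") { arrow = i; break }
        if (!arrow) next                           # not a packet line
        if ($(arrow - 4) != ifc) next              # other interface
        if ($(arrow - 2) != "p") next              # keep passed packets only
        if ($(arrow + 2) != "PR" || $(arrow + 3) != "udp") next
        if ($NF == "IN") next                      # keep outbound only
        n = split($(arrow + 1), dst, ",")
        if (n != 2 || dst[2] != "67") next         # keep bootps only
        if (dst[1] == "255.255.255.255") next      # broadcast, not a usable rule address
        if (dst[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (!seen[dst[1]]++) print dst[1]
    }'
}

# narrow_rules IFACE: print the restricted rule for each address found.
narrow_rules() {
    dhcp_servers "$1" | while read -r addr; do
        printf 'pass out quick on %s proto udp from any to %s port = 67 keep state\n' \
            "$1" "$addr"
    done
}

# Constructed sample log; all addresses are documentation-range placeholders.
SAMPLE_LOG='Apr 12 23:41:06 gw ipmon[291]: 23:41:06.120933 dc0 @0:12 p 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 K-S OUT
Apr 12 23:41:09 gw ipmon[291]: 23:41:09.874211 dc0 @0:12 p 192.0.2.77,68 -> 198.51.100.1,67 PR udp len 20 328 K-S OUT
Apr 12 23:52:40 gw ipmon[291]: 23:52:40.003117 dc0 @0:12 p 192.0.2.77,68 -> 198.51.100.1,67 PR udp len 20 328 K-S OUT
Apr 12 23:53:02 gw ipmon[291]: 23:53:02.551902 dc0 @0:20 b 203.0.113.9,4431 -> 192.0.2.77,67 PR udp len 20 78 IN'

printf '%s\n' "$SAMPLE_LOG" | narrow_rules dc0
```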
