Date:      Sun, 15 Aug 2004 22:20:07 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Colin Alston <karnaugh@karnaugh.za.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: [FreeBSD 5.2] Bandwith and packet throttling
Message-ID:  <20040815202006.GI684@arthur.nitro.dk>
In-Reply-To: <411FBF4D.9090706@karnaugh.za.net>
References:  <4a1299a404081414287a9ecbc@mail.gmail.com> <20040815104243.GA43915@shellma.zin.lublin.pl> <4a1299a4040815113178caa332@mail.gmail.com> <411FBF4D.9090706@karnaugh.za.net>

On 2004.08.15 21:53:49 +0200, Colin Alston wrote:
>
> >Thanks for the reply. The ICMP was more experiment than anything, I've
> >since removed it. Here are the results of the show commands:
> >
> >cramster# ipfw show
> >00050 14819576  8458459132 divert 8668 ip from any to any via dc0
> >00100      250       32470 allow ip from any to any via lo0
> >00200        0           0 deny ip from any to 127.0.0.0/8
> >00300        0           0 deny ip from 127.0.0.0/8 to any
> >65000 44478701 31835950367 allow ip from any to any
> >65100        0           0 pipe 1 ip from 10.0.0.8 to any
> >65200        0           0 pipe 2 ip from any to 10.0.0.8
> >65535        0           0 deny ip from any to any
> >
> I think you're clearly being a bit silly here.
> Remove rules 00200 and 00300 (I don't know why on this green earth you'd
> deny loopback)

Eh, that's not silly at all; that's the default firewall rules from a
stock /etc/rc.firewall on FreeBSD.  Note rule 100 which allows
loopback traffic.  Rules 200/300 just make sure nobody tries to spoof
loopback traffic from a real network interface.

[simon@arthur:~] sudo ipfw list | head -n 3
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any

-- 
Simon L. Nielsen
FreeBSD Documentation Team
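
The first-match behaviour described in the message above, as an added example that is not part of the original e-mail: a small Python model of rules 100 to 300 and the allow-all rule 65000 from the quoted `ipfw show` output. It assumes only address and `via` matching (the divert and pipe rules are left out), and the sample packets and the `evaluate`/`without` helpers are constructed for illustration.

```python
import ipaddress

# (number, action, src, dst, via) -- rules 100/200/300/65000 as listed on the page.
# Simplified model: divert rule 50 and the pipe rules are intentionally omitted.
RULES = [
    (100, "allow", "any", "any", "lo0"),
    (200, "deny", "any", "127.0.0.0/8", None),
    (300, "deny", "127.0.0.0/8", "any", None),
    (65000, "allow", "any", "any", None),
]


def _addr_match(spec, addr):
    """True if addr satisfies an ipfw-style address spec ('any' or a CIDR)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(src, dst, iface, rules=RULES):
    """Return (rule number, action) of the first matching rule (first match wins)."""
    for num, action, r_src, r_dst, via in rules:
        if via is not None and via != iface:
            continue  # 'via' restricts the rule to one interface
        if _addr_match(r_src, src) and _addr_match(r_dst, dst):
            return num, action
    return 65535, "deny"  # default rule at the end of the list


def without(*numbers):
    """Rule set with the given rule numbers removed (hypothetical helper)."""
    return [r for r in RULES if r[0] not in numbers]


if __name__ == "__main__":
    # Constructed sample packets: (src, dst, receiving interface)
    packets = [
        ("127.0.0.1", "127.0.0.1", "lo0"),  # genuine loopback traffic
        ("127.0.0.1", "10.0.0.8", "dc0"),   # loopback source seen on a real NIC
        ("192.0.2.7", "127.0.0.1", "dc0"),  # loopback destination seen on a real NIC
        ("192.0.2.7", "10.0.0.8", "dc0"),   # ordinary traffic
    ]
    for pkt in packets:
        print(pkt, "stock:", evaluate(*pkt),
              "without 200/300:", evaluate(*pkt, rules=without(200, 300)))
```

With rules 200 and 300 removed, the two packets carrying loopback addresses on `dc0` fall through to rule 65000 and are accepted, which is the case the stock rules exist to prevent.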



