On 2004.08.15 21:53:49 +0200, Colin Alston wrote: > > >Thanks for the reply. The ICMP was more experiment than anything, I've > >sinced removed it. Here are the results of the show commands: > > > >cramster# ipfw show > >00050 14819576 8458459132 divert 8668 ip from any to any via dc0 > >00100 250 32470 allow ip from any to any via lo0 > >00200 0 0 deny ip from any to 127.0.0.0/8 > >00300 0 0 deny ip from 127.0.0.0/8 to any > >65000 44478701 31835950367 allow ip from any to any > >65100 0 0 pipe 1 ip from 10.0.0.8 to any > >65200 0 0 pipe 2 ip from any to 10.0.0.8 > >65535 0 0 deny ip from any to any > > > I think you're clearly being a bit silly here. > Remove rules 00200 and 00300 (I dont know why on this green earth you'd > deny loopback)
Eh, that's not silly at all; that the default firewall rules from a stock /etc/rc.firewall on FreeBSD. Note rule 100 which allows loopback traffic. Rule 200/300 just makes sure nobody tries to spoof loopback traffic from a real network interface. [EMAIL PROTECTED]:~] sudo ipfw list | head -n 3 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any -- Simon L. Nielsen FreeBSD Documentation Team
pgpq0FyWoZ7u4.pgp
Description: PGP signature
