>The following appears to work fine:
>ipfwadm -F -p deny
>ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
>Now if I add either '-V 192.168.0.1' or '-W eth1' to the second command, all
>my client accesses fail.

Since I haven't seen any replies to this I will say what I think and perhaps
someone knowledgeable will verify if it is correct or not.

Though the documentation I have seen is somewhat unclear, it seems that -V and -W
apply to the interface on which a packet is received (-I rules) or sent (-O
rules). The unclear part of the documentation is that received means -I rules
and sent means -O rules. While this is not obvious in the documentation, there is
a great deal of ambiguity if this is not the case. The -V and -W don't seem to
be used for -F rules. I don't remember getting any error messages and I don't
remember if they were indicated when I listed the rules, but I do remember that
they just didn't seem to work, the rule was ignored, and in your case the
default deny would apply. I think -F rules can only rely on -S and -D.

Paul Gilbert