> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
>
> For policy reasons I do NOT want the gateway m
> On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
>
> > Consider the following network configuration.
> >
> >
> > Internet --- Gateway/Firewall -- Inside network (including a
> > web host)
> > 70.16.10.1/28 192.168.0.0
>
> On 5/4/2017 12:12, Rodney W. Grimes wrote:
> >> Consider the following network configuration.
> >>
> >>
> >> Internet --- Gateway/Firewall -- Inside network (including a
> >> web host)
> >> 70.16.10.1/28
> On 5/4/2017 13:47, Rodney W. Grimes wrote:
> >> On 5/4/2017 12:12, Rodney W. Grimes wrote:
> >>>> Consider the following network configuration.
> >>>>
> >>>>
> >>>> Internet --- Gateway/Firewall -- Insid
> The ipfw(8) man page explicitly states that rule actions:
>
> * allow | accept | pass | permit
> * deny | drop
> * divert
> * reset | reset6
> * unreach | unreach6
> * abort | abort6
>
> cause "search terminat[ion]".
>
>
> The description for "queue," however,
> On 09.01.2018 12:28, O. Hartmann wrote:
> > In section RULE OPTIONS, there is recv|xmit|via explained (a bit). There is
> > also an example:
> >
> > ipfw add deny ip from any to any out recv ed0 xmit ed1
> >
> > Can someone explain a bit more what the semantics of these is? I get
> > especiall
> Many years ago I added code to ipfw so that if -q was set it would not
> complain about
> things that were unimportant, nor would it return an error code.
> Such things include removing table entries that are already gone and
> similar sorts of 'safe' operations.
> The idea is that you can writ
> Hello,
>
> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found
> the
> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
> both 'net.inet.ip.fw.default_to_accept=1' a
> On 04.07.2018 15:28, supportsobaka--- via freebsd-ipfw wrote:
> > Could you please explain whether tcpdump should see a packet dropped
> > on ipfw?
In general NO, ipfw will not see a packet that is "deny" or "drop"
by ipfw, as the bpf code is called after ipfw.
>
> tcpdump is not related to ip
> Wed, 5 Sep 2018 18:33:58 +0300 - "Andrey V. Elsukov"
> :
>
> > On 05.09.2018 12:28, Ole wrote:
> > > I understand, that this connections get broken because the dynamic
> > > rules get flushed with the `ipfw -q -f flush` command. But
> > > commenting this command out results in a continuously gr
>
> I'm setting up a new server, from scratch, and I find that it's always
> best to review relevant sections of the Handbook when doing so, especially
> if one hasn't done this for a long time, which I haven't.
>
> This page has me a bit puzzled:
>
>
> https://www.freebsd.org/doc/en_US.ISO8
> Oh, the problem is simply that my ISP assigns me a ::/64 but there is no
> guarantee that it's mine for the duration.
>
> I'm in the process of securing my own IPv6 block, but was hoping for an
> interim solution.
>
> One that occurred to me is to use a public ::/56 that's allocated (but
> unus
> Hi!
>
> Is it possible to block compute.amazonasws.com with ipfw firewall. I
> have a table with many amazonasws IPs but every time when I start
> Firefox it shows the new one (I am checking with tcpdump).
Since it is almost impossible to keep up with the IP's that
this may result in perhaps c
> > On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> > freebsd-...@gndrsh.dnsmgr.net> wrote:
> >
> > > > Hi!
> > > >
> > > > Is it possible to block compute.amazonasws.com with ipfw firewall. I
> > > > have a table with
> On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> freebsd-...@gndrsh.dnsmgr.net> wrote:
>
> > > Hi!
> > >
> > > Is it possible to block compute.amazonasws.com with ipfw firewall. I
> > > have a table with many amazonasws IPs but every time
> On Tue, 6 Aug 2019 18:42:29 -0700
> Michael Sierchio wrote:
>
> > On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> > freebsd-...@gndrsh.dnsmgr.net> wrote:
> >
> > > > Hi!
> > > >
> > > > Is it possible to block comput
> Hi!
>
> My system is FreeBSD 12.0-RELEASE-p10 (amd64) and I start learning ipfw
> firewall.
> I have a line:
> cmd 01090 deny log all from any to 224.0.0.0/4 in via $pif
^^^ all translates to ipv4 or ipv6
From /etc/protocols ip is protocol 0, ipv6 is protocol 41
igmp is p
> Hey ipfw folks? I'm skipping questions@ and asking this directly here,
>
> FreeBSD 12.4 (amd64)
>
> Assume a partial firewall ruleset like this:
>
> 00300 0 0 allow ip from any to any via lo0
> 00400 0 0 allow ip from any to any via lo1
> 00500 0 0 deny ip from any to 127.0.0.0/8 in
>
>
>
> > On Jun 4, 2023, at 12:07 PM, Rodney W. Grimes
> > wrote:
> >
> >> Hey ipfw folks? I'm skipping questions@ and asking this directly here,
> >>
> >> FreeBSD 12.4 (amd64)
> >>
> >> Assume a partial firewall rulese
> >
> >
> > > On Jun 4, 2023, at 12:07 PM, Rodney W. Grimes
> > > wrote:
> > >
> > >> Hey ipfw folks? I'm skipping questions@ and asking this directly here,
> > >>
> > >> FreeBSD 12.4 (amd64)
> > >>
20 matches