Re: Duplicate IPFW rules

2006-12-26 Thread Dmitry Pryanishnikov
this method but this feature has been useful (at least to me) for years and years now. Scott Oh, I did not realise this use. Hmm...still, I thought that this is what tables are for :) The ability to have several distinct ipfw rules with the same rule_number is also useful for the purposes of

Re: Duplicate IPFW rules

2006-12-22 Thread Oliver Fromme
Václav Haisman wrote:
> I have just noticed that ipfw list shows one rule twice. It could be that I
> have run a script that adds it twice:

That's expected behaviour. Rule numbers are not unique. Think of the rule number as a tag attached to the rule. It's perfectly legal that two rules can hav

Re: Duplicate IPFW rules

2006-12-21 Thread Ian Smith
On Thu, 21 Dec 2006, Scott Ullrich wrote:
> On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote:
> > Oh, I did not realise this use. Hmm...still, I thought that this is what
> > tables are for :)
>
> Yep, that's another usage for tables. But tables have not been around
> for very long eit

Re: Duplicate IPFW rules

2006-12-21 Thread Scott Ullrich
On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote:
> Huh, really? How is it useful? Please, explain.

One example feature is to be able to delete many rules at once. If you know that a specific rule number holds rules (example: time based rules) then the script has less work to do. Now gran

Re: Duplicate IPFW rules

2006-12-21 Thread Jeremy Chadwick
On Thu, Dec 21, 2006 at 08:53:07PM +0100, Václav Haisman wrote:
> Huh, really? How is it useful? Please, explain.

I use the functionality you're questioning. Each of my rule numbers (well, not all of them, but most of them) are for specific things; such as rule 3000 representing deny SSH attempts

Re: Duplicate IPFW rules

2006-12-21 Thread Scott Ullrich
On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote:
> Oh, I did not realise this use. Hmm...still, I thought that this is what tables are for :)

Yep, that's another usage for tables. But tables have not been around for very long either. Considering that I have used IPFW since FreeBSD version

Re: Duplicate IPFW rules

2006-12-21 Thread Rodrigo Galiano
Hi,

Re-edit your script and on the first line at the following:

    ipfw -f fl

This line flushes the firewall script that is currently loaded before loading your script. Can you keep me posted.

Regards and a Merry Christmas,
--
Rodrigo Galiano Celestino
Internet & System Consultant

Re: Duplicate IPFW rules

2006-12-21 Thread Václav Haisman
Scott Ullrich wrote, On 21.12.2006 21:05:
> On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote:
>> Huh, really? How is it useful? Please, explain.
>
> One example feature is to be able to delete many rules at once. If
> you know that a specific rule number holds rules (example: time based
>

Re: Duplicate IPFW rules

2006-12-21 Thread Kevin Downey
On 12/21/06, Václav Haisman <[EMAIL PROTECTED]> wrote:
> Hi,
> I have just noticed that ipfw list shows one rule twice. It could be that I
> have run a script that adds it twice:
>
> shell::root:~> ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 1

Re: Duplicate IPFW rules

2006-12-21 Thread Václav Haisman
Kevin Downey wrote, On 21.12.2006 20:44:
>
> On 12/21/06, *Václav Haisman* <[EMAIL PROTECTED] > > wrote:
>
> Hi,
> I have just noticed that ipfw list shows one rule twice. It could be that I
> have run a script that adds it twice:
>
> shell::r

Duplicate IPFW rules

2006-12-21 Thread Václav Haisman
Hi,
I have just noticed that ipfw list shows one rule twice. It could be that I have run a script that adds it twice:

    shell::root:~> ipfw list
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    01999 deny ip from table(1) to any
    01999

Re: 6-STABLE (6.2-PRE) and applications (named natd dhcpd) getting stuck in state zoneli (zone limit) - dynamic ipfw rules not working after time - vlans on em

2006-11-24 Thread Jonathan Feally
TABLE before without difficulty. Very little has changed on the box. All the same applications, same ipfw rules for the most part (just more rules for new customers). Most of the time the processes cannot be killed. I did get lucky yesterday with dhcpd. It finally died about an hour later. I was

Re: 6-STABLE (6.2-PRE) and applications (named natd dhcpd) getting stuck in state zoneli (zone limit) - dynamic ipfw rules not working after time - vlans on em

2006-11-23 Thread delphij
the box to stable about a month ago. It was
> running a 6.1-STABLE before without difficulty. Very little has changed
> on the box. All the same applications, same ipfw rules for the most part
> (just more rules for new customers). Most of the time the processes
> cannot be killed. I

6-STABLE (6.2-PRE) and applications (named natd dhcpd) getting stuck in state zoneli (zone limit) - dynamic ipfw rules not working after time - vlans on em

2006-11-22 Thread Jonathan Feally
d on the box. All the same applications, same ipfw rules for the most part (just more rules for new customers). Most of the time the processes cannot be killed. I did get lucky yesterday with dhcpd. It finally died about an hour later. I was compiling the latest stable at the time. But got up

Re: IPFW rules

2006-08-22 Thread Oliver Fromme
SigmaX asdf wrote:
> I'm trying to setup IPFW to block all ports except those I specify.
> For starters I'm just opening SSH.
>
> # ipfw list
> 00050 divert 8668 ip4 from any to any via rl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip fro

Re: IPFW rules

2006-08-21 Thread Michael Proto
any port 22 keep-state (check the ipfw(8) man page to be sure, I haven't touched ipfw rules in a long time and my above syntax may be a bit buggy) -Proto

IPFW rules

2006-08-21 Thread SigmaX asdf
I'm trying to setup IPFW to block all ports except those I specify. For starters I'm just opening SSH.

    # ipfw list
    00050 divert 8668 ip4 from any to any via rl0
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00301 allow log tcp f

Re: IPFW rules on tunX devices

2002-06-19 Thread Brooks Davis
On Wed, Jun 19, 2002 at 04:57:21PM +1000, Peter Jeremy wrote:
> I have a situation where I want to have some ipfw rules permanently
> associated with tun0. In 4.5-RELEASE, I just included lines like the
> following in the rules file specified as firewall_type in rc.conf:
> add 110

tcp keepalive and dynamic ipfw rules

2002-01-12 Thread Rolandas Naujikas
Hi all,
I have setup a dynamic firewall for my personal computer with such rules

    ipfw add check-state
    ipfw add deny tcp from any to any established
    ipfw add pass tcp from me to any setup keep-state

from ipfw(8) manual on "FreeBSD 4.5-RC". I found problem with ftp, when download pass longer 5

loading custom ipfw rules

2001-08-15 Thread Alex M
Hello all,
Before when using 4.2-release I used to load my custom ipfw rulesets thru /etc/rc.conf, having these lines:

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="/etc/mycustomipfw.rules"
    firewall_quiet="YES"

and all was ok. But since I cvsuped to 4.3-stable (and even

Re: ipfw rules flushing unexpectedly

2000-11-07 Thread Crist J . Clark
On Tue, Nov 07, 2000 at 08:22:30AM -0800, cdel wrote:
> Three days ago I noticed that the ipfw rules had purged themselves from
> memory. The box was 4.1.1-STABLE, 'supped on 10/24/00. Yesterday I supped
> in 4.2-BETA #0, re-installed world and a fresh kernel and discovered this

ipfw rules flushing unexpectedly

2000-11-07 Thread cdel
Three days ago I noticed that the ipfw rules had purged themselves from memory. The box was 4.1.1-STABLE, 'supped on 10/24/00. Yesterday I supped in 4.2-BETA #0, re-installed world and a fresh kernel and discovered this morning that this had no effect. The box is 'Default Deny'