Re: IPFW and 5.2.1
From: dima (_pppp_at_mail.ru)
Date: 09/29/04
- Previous message: dima: "Re: Bridging vlans w/firewall and selective HTTP redirect?"
- In reply to: Leon Garde: "IPFW and 5.2.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Leon Garde <leon@nelsonbay.com>
Date: Wed, 29 Sep 2004 15:56:40 +0400
> guass# ipfw -a list
> 00001 0 0 deny ip from any to 203.222.55.37 via rl0
> 65535 1287 499525 allow ip from any to any
>
> guass# ping 203.222.55.37
> PING 203.222.55.37 (203.222.55.37): 56 data bytes
> 64 bytes from 203.222.55.37: icmp_seq=0 ttl=255 time=0.281 ms
> 64 bytes from 203.222.55.37: icmp_seq=1 ttl=255 time=0.207 ms
>
> < packets are flowing by rl0, despite the ipfw rule to stop them !,
> rl0 being the only network interface 'connected' >
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Are you sure your ping requests/replies really go via rl0?
Try to use the ruleset like this:
# ipfw add deny ip from any to 203.222.55.37 via rl0
# ipfw add deny ip from any to 203.222.55.37 via lo0
:)
>
> guass# ipfw delete 1
>
> guass# ipfw add 1 deny ip from any to any
>
> guass# ping 203.222.55.37
>
> < No answer, like u would hope>
>
>
> Yes, I have searched archives.
>
>
> Why does "via rl0" , "in recv rl0" , "out xmit rl0" ,
> (or via wi0, in recv wi0, out xmit wi0 )
>
>
> Is it a known bug ?
>
> Can't think of anything else relevant to add.
> ipfw seems seriously broken in 5.2.1 ???
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
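Added example, not from the thread or from FreeBSD itself: a small POSIX shell check that reads `ipfw -a list` output and reports which `via <iface>` deny rules actually matched, using the per-rule packet counter that `-a` prints. It assumes the two-rule layout dima suggests (one deny via rl0, one via lo0) and uses a constructed sample of the counter output taken after a ping to the host's own address.

```shell
#!/bin/sh
# Example check (not from the thread): use ipfw's per-rule packet counters
# to see which interface a ping to the box's own address really traverses.
# Rule layout assumed: a "via rl0" deny and a "via lo0" deny, as suggested
# in the reply. In production run:  ipfw -a list | hit_ifaces

# Constructed sample of "ipfw -a list" after "ping -c 2 203.222.55.37".
# Columns: rule number, packet count, byte count, then the rule body.
SAMPLE_IPFW_LIST='00100 0 0 deny ip from any to 203.222.55.37 via rl0
00200 2 168 deny ip from any to 203.222.55.37 via lo0
65535 1287 499525 allow ip from any to any'

# Print the interface of every "via <iface>" rule whose packet counter
# (2nd column) is non-zero, i.e. the rule that actually saw the traffic.
hit_ifaces() {
    awk '$2 > 0 && /via/ { for (i = 1; i <= NF; i++) if ($i == "via") print $(i+1) }'
}

# Print the interface of every "via <iface>" rule that never matched;
# a zero counter on the rule you expected to fire is the tell-tale sign.
zero_ifaces() {
    awk '$2 == 0 && /via/ { for (i = 1; i <= NF; i++) if ($i == "via") print $(i+1) }'
}

# Wrappers over the constructed sample so the check can be run offline.
sample_hit()  { printf '%s\n' "$SAMPLE_IPFW_LIST" | hit_ifaces; }
sample_zero() { printf '%s\n' "$SAMPLE_IPFW_LIST" | zero_ifaces; }

sample_hit    # prints "lo0": the locally addressed ping went through lo0
sample_zero   # prints "rl0": the via rl0 rule never saw the packets
```

On the sample, the rl0 rule stays at zero while the lo0 rule counts the echo requests, which is exactly why the original one-rule set did not block the ping.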