kern/120290: ipfw jump rules
Andrey V. Elsukov
bu7cher at yandex.ru
Wed Feb 6 05:50:02 UTC 2008
The following reply was made to PR kern/120290; it has been noted by GNATS.
From: "Andrey V. Elsukov" <bu7cher at yandex.ru>
To: FreeBSD-gnats-submit at FreeBSD.org
Cc: Nistor Marius <mariusmayl at yahoo.com>
Subject: Re: kern/120290: ipfw jump rules
Date: Wed, 06 Feb 2008 08:45:14 +0300
Nistor Marius wrote:
> no i open ports ... just inc ase if the user need that ports open to
> don't open a support ticket for that
> the problem is ... i use this way from last few years ago on FreeBSD 4.X
> and 5.X and was working fine
> on freebsd 6.X no
> i think the ipfwadmin miss the number of rules and jump the rules
I'm sorry. My English isn't very good. Did you right understand
what do these rules? I'll try a bit more describe they:
10164 allow ip from 220.127.116.11 to any uid net
This rule match all TCP or UDP packets from 18.104.22.168 to any, which
will be sent or received by processes witch works as user "net"
on your machine. E.g. you can run a web-server as user "net" and some
packets will be matched by this rule (if they will be from
22.214.171.124 to any).
10165 allow ip from any to 126.96.36.199
This rule match all IP packets from any addresses to 188.8.131.52.
10166 allow tcp from 184.108.40.206 10000-65535,21,22,25,80,110,113,443
This rule will be match packets for source address 220.127.116.11 and
source ports 10000-65535,21,22,25,80,110,113,443 destined to any
addresses and ports. It will not match packets if they already
matched by rule 10164, because "allow" action terminates search.
10167 deny ip from 18.104.22.168 to any
This rule will deny packets that didn't match rules 10164 and 10166.
Did you want the same?
WBR, Andrey V. Elsukov
More information about the freebsd-bugs