ipfw keep-state (ASAP anwser need)
Thomas S. Crum - 1WISP, Inc.
tscrum at 1wisp.com
Tue Dec 9 06:04:50 PST 2003
If you are using the machine as a bridge, then you must specify the ip
address of the inside interface that you are running bind on.
Replace "me" with the ip.
Best,
Tom
----- Original Message -----
From: "Gregory Edigarov" <greg at profi.kharkov.ua>
To: <freebsd-ipfw at freebsd.org>
Sent: Tuesday, December 09, 2003 5:23 AM
Subject: ipfw keep-state (ASAP anwser need)
> Hello,
>
> The folowing is a fragment of my rc.firewall which must
> allow all
> traffic in and out of my named.
>
> ----
> ipfw add 4100 allow udp from me to any 53 keep-state
> ipfw add 4200 allow udp from any to me 53
> ipfw add 4300 allow udp from me 53 to any
> ---
> This is a fragment from my kernel configuration:
> ---
> options IPFIREWALL #firewall
> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
> options IPFIREWALL_FORWARD #enable transparent proxy support
> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
> options IPDIVERT #divert sockets
> options IPSTEALTH
> options ICMP_BANDLIM
> options DUMMYNET
> options BRIDGE
> options IPFW2
> ---
> It doesn't work. What am I missing?
>
> --
> With best regards,
> Gregory Edigarov
> --------------------------------------------------------------------------
----
> profi.kharkov.ua Systems
Administrator
> --------------------------------------------------------------------------
----
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
More information about the freebsd-ipfw
mailing list