Correct syntax for ipfw to allow local traffic?

Ruben de Groot mail23 at bzerk.org
Wed Aug 27 05:45:02 PDT 2003


On Wed, Aug 27, 2003 at 02:48:50PM +0300, Vitali Malicky typed:
> 
> > Hi all,
> Hi!
> 
> >
> > I have
> > 00100 allow ip from any to any via lo0
> > in my firewall script. But although I get lines like
> >
> > silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3914
> >
> > into my messages log. It is just like the firewall although blocks local
> > traffic. What should I add or modify to allow traffic via loopback and/or
> > from and to 127.0.0.1 ?
> 
>  /sbin/ipfw -q add 00001 allow ip from 127.0.0.1 to 127.0.0.1 via lo0

This won't help. He already allows "any to any via lo0".
Anyway, it's not the firewall logging these "Connection attempt to" lines
to /var/log/messages. What happens here is some process tries to make a
connection on a port where no other process is listening. There can be many
reasons for this. If you don't want to see these messages anymore put the
line

net.inet.tcp.log_in_vain=0

in /etc/sysctl.conf

Ruben

> =========
> 
> I usually configure the firewall in /etc/rc.firewall.
> 
> when I modify firewall rules on the remote servers I'm responsible for, first I
> make a copy of rc.firewall, say, rc.firewall.new and make all necessary
> changes in _this_ file, then I run "shutdown -r +5min" and only after that
> I execute /etc/rc.firewall.new
> # /etc/rc.firewall.new nohup &
> if it's alright and I'm still there on the server I just kill the shutdown
> process, if not, the machine reboots with the old rules...
> 
> Best of luck!
> 
> 
> 
> >
> >
> > Regards,
> >
> > Johan Paul
> >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 
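The distinction Ruben draws above, between kernel "Connection attempt to" notices (produced by net.inet.tcp.log_in_vain, not by ipfw) and genuine ipfw deny lines, is easy to check mechanically before touching any firewall rule. The following POSIX sh script is an added example, not code from the thread or from FreeBSD: it classifies /var/log/messages lines and lists the closed ports that attracted connection attempts, so you can compare them against what should actually be listening. The hostname, addresses, rule number and timestamps in the sample lines are constructed; only the two message shapes are taken from the kernel's real output.

```shell
#!/bin/sh
# Added example (not from the thread): tell log_in_vain kernel notices apart
# from ipfw denials in /var/log/messages. All sample lines are constructed.

SAMPLE_LOG='Aug 27 14:30:01 silakka /kernel: Connection attempt to TCP 127.0.0.1:2000 from 127.0.0.1:3914
Aug 27 14:30:05 silakka /kernel: ipfw: 65000 Deny TCP 10.0.0.5:44321 192.0.2.10:22 in via fxp0
Aug 27 14:30:09 silakka /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:5000
Aug 27 14:30:12 silakka sshd[412]: Accepted publickey for admin from 10.0.0.5 port 44322 ssh2'

# classify_line LINE -> prints one of: log_in_vain, ipfw, other
# "Connection attempt to" is the kernel's log_in_vain message (a connection to
# a port with no listener); "ipfw:" lines are the only ones the firewall emits.
classify_line() {
    case "$1" in
        *"/kernel: Connection attempt to "*) echo log_in_vain ;;
        *"/kernel: ipfw: "*)                  echo ipfw ;;
        *)                                    echo other ;;
    esac
}

# count_class CLASS -> number of SAMPLE_LOG lines that classify as CLASS
count_class() {
    n=0
    while IFS= read -r line; do
        if [ "$(classify_line "$line")" = "$1" ]; then
            n=$((n + 1))
        fi
    done <<EOF
$SAMPLE_LOG
EOF
    echo "$n"
}

# in_vain_ports -> sorted, unique "PROTO PORT" pairs that received attempts.
# Compare these against the box's real listeners (sockstat -l / netstat -an):
# a port here that should have a daemon on it points to a service that is down,
# not to a firewall rule.
in_vain_ports() {
    while IFS= read -r line; do
        case "$line" in
            *"Connection attempt to "*)
                rest=${line#*Connection attempt to }   # "TCP 127.0.0.1:2000 from ..."
                proto=${rest%% *}                      # "TCP"
                dst=${rest#* }; dst=${dst%% *}         # "127.0.0.1:2000"
                port=${dst##*:}                        # "2000"
                echo "$proto $port"
                ;;
        esac
    done <<EOF
$SAMPLE_LOG
EOF
}

# summary -> one line per class with its count, then the probed ports
summary() {
    for c in log_in_vain ipfw other; do
        echo "$c: $(count_class "$c")"
    done
    echo "ports with no listener:"
    in_vain_ports | sort -u
}

summary
```

Run it against a real log with `grep /kernel /var/log/messages` feeding a loop over `classify_line`; if every line comes back `log_in_vain` and none `ipfw`, the rules are not the problem, and the fix is the sysctl Ruben names (`net.inet.tcp.log_in_vain=0` in /etc/sysctl.conf, or `sysctl net.inet.tcp.log_in_vain=0` to apply it immediately). Leaving the notices on is a defensible choice on an exposed host, since they are a cheap record of probes against closed ports; the script's port list is what makes that record useful.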

