R: Re: ipfw & cups

Vittorio vdemart1 at tin.it
Tue Oct 3 08:22:33 PDT 2006


These are my rules (line 631 is about the same port!):

Ciao - Vittorio

#ipfw list
00500 check-state
00501 deny tcp from any to any established
00502 deny ip from any to any frag
00503 allow ip from any to any via lo0
00505 deny ip from any to 127.0.0.0/8
00508 deny ip from 127.0.0.0/8 to any
00590 allow tcp from 10.155.0.0/16 to me dst-port 22,80,8080 via fxp0 setup keep-state
00595 allow tcp from me to any dst-port 22,80,8080,443 via fxp0 setup keep-state
00596 allow tcp from me to 10.155.222.37 dst-port 1524 setup keep-state
00601 allow tcp from 10.155.0.0/16 to me dst-port 81,137-139,445 via fxp0 setup keep-state
00602 allow udp from 10.155.0.0/16 to me dst-port 123,81,137,138,139,445 via fxp0 setup keep-state
00603 allow tcp from me to any dst-port 81,137-139,445 via fxp0 setup keep-state
00604 allow udp from me to any dst-port 123,81,137,138,139,445 via fxp0 setup keep-state
00605 allow tcp from 10.155.0.0/16 to me dst-port 1024,3306,5432,5900-5909 via fxp0 setup keep-state
00607 allow udp from 10.155.0.0/16 to me dst-port 1024,3306,5432,5900 via fxp0 setup keep-state
00608 allow tcp from any to 10.155.102.6 dst-port 1491
00609 allow tcp from 10.155.102.6 1491 to any
00610 allow tcp from me to any dst-port 53 out via fxp0 keep-state
00612 allow udp from me to any dst-port 53 out via fxp0 keep-state
00631 allow tcp from 10.155.0.0/16 to me dst-port 631
00700 allow icmp from 10.155.0.0/16 to any via fxp0
65535 deny ip from any to any


Sorry for the way they're displayed but I'm writing on an awful webmail....

Ciao
Vittorio

>----Original message----
>From: freebsd at meijome.net
>Date: 3-Oct-2006 7.08
>To: <freebsd-questions at freebsd.org>
>Cc: "Vittorio"<vdemart1 at tin.it>
>Subject: Re: ipfw & cups
>
>On Mon, 2 Oct 2006 16:22:13 +0100 (GMT+01:00)
>Vittorio <vdemart1 at tin.it> wrote:
>
>> To my ipfw firewall I have added, according to what I found in the
>> internet, the following rule to allow the use of cupsd on the same box:
>>
>> 00520 allow ip from any to any dst-port 631 in
>>
>> to no avail because it is not even checked as you can see below from the
>> log (obtained from kde kcontrol center trying (and failing) to display
>> the connected cups' printers):
>>
>> Am I missing something?
>> What should I do?
>> Ciao
>> Vittorio
>> ......................................
>> NbBSD# ipfw -td list
>> 00500                         check-state
>> 00501 Mon Oct  2 17:10:13 2006 deny tcp from any to any established
>> 00502                         deny ip from any to any frag
>> 00503 Mon Oct  2 17:10:13 2006 allow ip from any to any via lo0
>> 00514                         deny ip from any to any not verrevpath in
>> 00520                         allow ip from any to any dst-port 631 in
>> 00525                         deny ip from any to 127.0.0.0/8
>> .......................................................................
>> .......................................................................
>> 00609                         allow tcp from 10.155.102.6 1491 to any
>> 00610                         allow tcp from me to any dst-port 53 out via fxp0 keep-state
>> 00612                         allow udp from me to any dst-port 53 out via fxp0 keep-state
>> 00700                         allow icmp from 10.155.0.0/16 to any via fxp0
>> 65535 Mon Oct  2 17:10:13 2006 deny ip from any to any
>
>can you please send your rules again, making sure there are no dates inserted
>all over the place?
>thx
>_________________________
>{Beto|Norberto|Numard} Meijome
>
>"Throughout the centuries there were [people] who took first steps down new
>paths armed only with their own vision." Ayn Rand
>
>I speak for myself, not my employer. Contents may be hot. Slippery when wet.
>Reading disclaimers makes you go blind. Writing them is worse. You have been
>Warned.
>



