IPFW strange events

Rob listone at deathbeforedecaf.net
Sat Nov 1 17:34:31 PST 2003

Not a direct answer, but you should generally put

    add allow all from any to any via lo0

near the start of a rules list. Some things may break if you block
loopback conections.

----- Original Message -----
From: "Chris" <bsdnewbie at coolarrow.com>
Subject: IPFW strange events


This is occurring on a 4.8-RELEASE server using IPFW2...

I have numerous rules that block bogus networks... one of which is:

ipfw add 0104 deny log ip from to any

And I know it's working because using "ipfw list" I get:

00104 deny log ip from to any

Whenever that rule is active, it's blocking packets - "ipfw show":

00104         21       1148 deny log ip from to any


Various services stop working... so I look at /var/log/security and see
NUMEROUS entries such as this:

Nov  1 10:30:00 server /kernel: ipfw: 104 Deny TCP out via lo0

Now I don't see anything in the rule about the localhost address, yet
that's what it's blocking. But a little bit ahead of that rule, I do
have this one:

ipfw add 082 divert natd all from any to any via fxp0

Would it help to put all the bogus network deny rules ahead of the
divert rule?


freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list