ipfw question (FreeBSD 4.11)

Gerard Meijer gmeijer at palmweb.nl
Mon Jan 3 10:28:19 PST 2005

I run apache webserver on my server with FreeBSD 4.11

I have a question about ipfw. I have the following rules in my /etc/ipfw.conf:

$cmd 00200 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00400 allow tcp from any to any 80 in via $pif setup keep-state

(with $pif being my NIC) Now, everything works fine for me, but I get a lot (and I mean a lot) of these kind of messages in my log:

[Date] [time] [host] /kernel: ipfw: 299 Deny TCP a.b.c.d:80 e.f.g.h:4472 out via em0
[Date] [time] [host] /kernel: ipfw: 499 Deny TCP e.f.g.h:1882 a.b.c.d:80 in via em0

(with a.b.c.d being my ip and e.f.g.h being somebody elses ip).

I guess these people are not surfing through port 80??? Correct me if I'm wrong. How can I change ipfw's rules so that these people aren't blocked anymore?

Thanks in advance!

More information about the freebsd-questions mailing list