ipfw doesn't want to run a rule ???? is it possible ?

michael micatod at koproject.org
Mon Apr 3 23:45:05 UTC 2006


Ok, you're right,

I set up the rules and all is OK; now I have two problems:

First,
I think I'm resolving it... => I want to block a MAC address, so I found
information that explains the necessary BRIDGE option in the kernel conf
(so I'm compiling a new one at the moment) and later => ipfw add deny
from any to any MAC any xx:xx:xx:xx:xx  ... will work...

Second,
I will block traffic like MSN or other messengers using port 80, and
block sites by filtering their contents, and for that I have no idea how to do it.

So if someone has understood what I'm trying to explain in English...

Thanks for your help

Michael.


Bob Johnson wrote:

>On 4/1/06, michael <micatod at koproject.org> wrote:
>
>>Thanks for your answer, your French is pretty understandable ;-)
>>
>>I'm really sorry, I haven't subscribed to this mailing list, I was
>>trying to send mail to questions at freebsd.org-fr and I made a mistake,
>>and the second mail was for another mailing list (what happened this
>>evening ???) but if you're able to help me it's welcome.
>
>questions at freebsd.org is a mailing list
>
>>This is my problem (sorry for my bad English):
>>I've made a firewall with ipfw on FreeBSD 6, I sent the rules (ipfw -a
>>-d -t list) and the log
>>
>>I really don't understand why the packet doesn't match the rule.
>
>Sorry I can't reply in French, but from your original posting:
>
>00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
>00021 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
>00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
>00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
>
>I don't think there is such a thing as a UDP "setup" packet, so a UDP
>"setup" filter will probably never match a packet.  It might work as
>you expect if you removed "setup" from the UDP packet filters.
>
>- Bob
>  
>
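
The "setup" point raised in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread: a Python sketch that reads `ipfw -a list` style output and reports rules whose protocol is not TCP but which carry a TCP-only option. The sample listing is constructed (rules 20, 22 and 23 mirror the ones quoted above, 30 and 40 are made-up controls) and the function names are hypothetical.

```python
# Added example: flag ipfw rules that pair a non-TCP protocol with a TCP-only option.
# Constructed sample in `ipfw -a list` layout: rule number, packets, bytes, rule body.
# Rules 20, 22 and 23 mirror the thread; 30 and 40 are made-up controls.
SAMPLE = """\
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00022 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00023 0 0 skipto 800 udp from any to any out via rl0 setup keep-state
00030 12 960 skipto 800 udp from any to any dst-port 123 out via rl0 keep-state
00040 0 0 allow ip from any to any setup
"""

# ipfw(8): "setup" is short for "tcpflags syn,!ack"; "established" and
# "tcpflags" likewise inspect TCP header flags, so all three match TCP only.
TCP_ONLY_OPTIONS = ("setup", "established", "tcpflags")
# Protocol fields under which a TCP packet can still reach the option.
TCP_CAPABLE = {"tcp", "6", "ip", "all"}


def parse_rule(line):
    """Split one listing line into number, packet counter, protocol, options."""
    tokens = line.split()
    if len(tokens) < 4 or not tokens[0].isdigit() or "from" not in tokens:
        return None
    has_counters = tokens[1].isdigit() and tokens[2].isdigit()
    body = tokens[3:] if has_counters else tokens[1:]
    at = body.index("from")
    if at == 0 or body[at - 1] == "}":  # no protocol, or an or-block: skip
        return None
    return {
        "number": int(tokens[0]),
        "packets": int(tokens[1]) if has_counters else None,
        "proto": body[at - 1].lower(),
        "options": body[at + 1:],
    }


def find_dead_tcp_options(listing):
    """Return (rule number, protocol, option, packets) for rules that cannot match."""
    findings = []
    for line in listing.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["proto"] in TCP_CAPABLE:
            continue
        for option in TCP_ONLY_OPTIONS:
            if option in rule["options"]:
                findings.append((rule["number"], rule["proto"], option, rule["packets"]))
    return findings


if __name__ == "__main__":
    for number, proto, option, packets in find_dead_tcp_options(SAMPLE):
        print(f"rule {number:05d}: '{option}' on proto {proto} never matches (packets={packets})")
```

A zero packet counter on a flagged rule is consistent with the rule never matching; rules using an or-block protocol such as `{ tcp or udp }` are skipped by this sketch.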



More information about the freebsd-questions mailing list