amd64/97504: IPFW Rules bug
Oliver Fromme
olli at lurza.secnetix.de
Sat May 20 04:30:35 PDT 2006
The following reply was made to PR amd64/97504; it has been noted by GNATS.
From: Oliver Fromme <olli at lurza.secnetix.de>
To: bug-followup at FreeBSD.org, marcelo_vt at hotmail.com
Cc:
Subject: Re: amd64/97504: IPFW Rules bug
Date: Sat, 20 May 2006 13:28:29 +0200 (CEST)
Marcelo Machado <marcelo_vt at hotmail.com> wrote:
> > Number: 97504
> > Synopsis: IPFW Rules bug
> > [...]
> I've added the following rules to the ipfw.rules:
>
> ipfw add 100 allow all from 192.168.100.3 to 192.168.100.4
> ipfw add 110 allow all from 192.168.100.4 to 192.168.100.3
> ipfw add 65535 deny all from any to any
>
> With these rules the 192.168.100.3 should ping or interact with
> 192.168.100.4 normally, but it doesn't. But if I add this line:
>
> ipfw add 1 allow all from any to any
>
> they talk to each other normally, but the main problem comes next,
> if I:
>
> ipfw delete 1
>
> Everything begins to work as it should; only these IPs can talk
> with each other on the net.
You probably forgot to allow access to/from your DNS server,
or something similar. Rule #1 will briefly allow that
access, and when you delete that rule again, it still works
because the DNS results are cached.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"I made up the term 'object-oriented', and I can tell you
I didn't have C++ in mind."
-- Alan Kay, OOPSLA '97
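
Added example (not part of the original message and not FreeBSD code): a small first-match simulation of the reported ruleset, illustrating the reply's hypothesis that traffic to a DNS resolver falls through to rule 65535 while the two hosts can reach each other by address. The resolver address 192.168.100.1, rule numbers 120 and 130, and all Python names are assumptions; matching is by address only, since every reported rule uses "all".

```python
import ipaddress
from collections import namedtuple

# Simplified model: address-only matching, since every reported rule uses "all".
Rule = namedtuple("Rule", "number action src dst")

def matches(spec, addr):
    """True if addr falls under an ipfw-style address spec ("any", host or CIDR)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst):
    """Return (action, rule number) of the first matching rule, lowest number first."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule.src, src) and matches(rule.dst, dst):
            return rule.action, rule.number
    return "deny", None  # not reached while the 65535 catch-all is present

HOST_A, HOST_B = "192.168.100.3", "192.168.100.4"
RESOLVER = "192.168.100.1"  # assumed address; the report does not name the DNS server

# The three rules from the report.
REPORTED = [
    Rule(100, "allow", HOST_A, HOST_B),
    Rule(110, "allow", HOST_B, HOST_A),
    Rule(65535, "deny", "any", "any"),
]
# The temporary rule 1 from the report.
WITH_RULE_1 = REPORTED + [Rule(1, "allow", "any", "any")]
# Hypothetical fix: permit only the resolver traffic (rule numbers 120/130 are made up).
WITH_DNS = REPORTED + [
    Rule(120, "allow", HOST_A, RESOLVER),
    Rule(130, "allow", RESOLVER, HOST_A),
]

def verdicts(rules):
    """Verdict for host-to-host traffic and for a DNS query and its reply."""
    return {
        "a_to_b": evaluate(rules, HOST_A, HOST_B),
        "dns_query": evaluate(rules, HOST_A, RESOLVER),
        "dns_reply": evaluate(rules, RESOLVER, HOST_A),
    }

if __name__ == "__main__":
    for name, rules in [("reported", REPORTED), ("with rule 1", WITH_RULE_1),
                        ("with DNS rules", WITH_DNS)]:
        print(name, verdicts(rules))
```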