ipfirewall
JustLuckyGuy, 2011-09-15 21:08:29

fetch & ipfw?

Hello.
We have a situation:

...
ipfw add 1000 allow all from me to any
...
ipfw add 64000 deny log all from any to any

fetch ya.ru fails with a timeout.
ipfw add 1001 allow all from 77.88.21.3 (Yandex's IP) to me

And everything starts working. What's the catch? Previously, it seemed to work fine even without allowing incoming traffic.
Update:
FreeBSD 8.0-RELEASE
The problem was solved by carefully reviewing other configs and comparing them line by line.
00600 allow tcp from any to any established
Resolved the issue.

3 answers
Zelgadis, 2011-09-16

Obviously, rule 1000 allows you to send packets anywhere, and 1001 allows packets from Yandex to you. And "established" means that if you are connected, the permission applies, and vice versa.

gescheit, 2011-09-15

Having stroked the crystal ball, I will assume that the last rule catches all traffic. And it worked "before" because the kernel was built so that everything was allowed by default. Anyway, post your ipfw list.

cthtuf, 2011-09-17

Your problem will be solved by keep-state, which creates a dynamic rule for the reverse (incoming) traffic:
ipfw add 1000 allow ip from me to any keep-state
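To make the difference between the two fixes in this thread concrete (the asker's rule 600 with `established`, and cthtuf's `keep-state`), here is a small simulation of ipfw's first-match evaluation over the rules posted above. It is an added example, not code from the thread or from FreeBSD; the addresses are assumptions (192.0.2.10 stands for `me`, 77.88.21.3 is the Yandex address quoted in the question, 203.0.113.7 is a made-up scanner), and the traffic is a constructed SYN / SYN-ACK pair for `fetch ya.ru` plus one unsolicited ACK-flagged packet. It models only what matters here: rules are tried in ascending number order, `established` matches TCP packets with ACK or RST set, `keep-state` records the flow so the reply is matched from the dynamic table, and the implicit rule 65535 denies unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT (gescheit's "allowed by default" guess).

```python
from dataclasses import dataclass

# Illustrative addresses (assumptions for this example).
ME = "192.0.2.10"        # the host running ipfw, i.e. "me"
YANDEX = "77.88.21.3"    # address quoted in the question


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    proto: str                       # "ip" (any protocol) or "tcp"
    src: str                         # "any", "me" or a literal address
    dst: str
    established: bool = False        # ipfw 'established': TCP with ACK or RST set
    keep_state: bool = False         # ipfw 'keep-state': record the flow

    def matches(self, pkt: Packet) -> bool:
        def addr_ok(spec: str, addr: str) -> bool:
            return spec == "any" or (spec == "me" and addr == ME) or spec == addr
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not (addr_ok(self.src, pkt.src) and addr_ok(self.dst, pkt.dst)):
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.flags & {"ACK", "RST"}):
            return False
        return True


class Firewall:
    def __init__(self, rules, default_action="deny"):
        # First match wins, in ascending rule number. Rule 65535 is the implicit
        # default: deny, or allow if built with IPFIREWALL_DEFAULT_TO_ACCEPT.
        self.rules = sorted(rules, key=lambda r: r.number)
        self.default_action = default_action
        self.dynamic = set()         # 5-tuples, both directions of tracked flows

    def check(self, pkt: Packet):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        for rule in self.rules:
            # At a keep-state (or check-state) rule ipfw consults the dynamic
            # table before going on with the static rules.
            if rule.keep_state and key in self.dynamic:
                return "allow", "dynamic"
            if rule.matches(pkt):
                if rule.keep_state and rule.action == "allow":
                    self.dynamic.add(key)
                    self.dynamic.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
                return rule.action, rule.number
        return self.default_action, 65535


# The ruleset from the question: outbound allowed, everything else denied.
STATIC = [
    Rule(1000, "allow", "ip", "me", "any"),
    Rule(64000, "deny", "ip", "any", "any"),
]
# The asker's fix: the rule 600 found in another config.
WITH_ESTABLISHED = [Rule(600, "allow", "tcp", "any", "any", established=True)] + STATIC
# cthtuf's fix: keep-state on the outbound rule.
WITH_KEEP_STATE = [
    Rule(1000, "allow", "ip", "me", "any", keep_state=True),
    Rule(64000, "deny", "ip", "any", "any"),
]


def fetch_flow(rules, default_action="deny"):
    """Verdicts for the first two packets of `fetch ya.ru`: our SYN out, their SYN-ACK back."""
    fw = Firewall(rules, default_action)
    syn = Packet("tcp", ME, 50000, YANDEX, 80, frozenset({"SYN"}))
    syn_ack = Packet("tcp", YANDEX, 80, ME, 50000, frozenset({"SYN", "ACK"}))
    return fw.check(syn)[0], fw.check(syn_ack)[0]


def unsolicited_ack(rules):
    """An ACK-flagged packet to our port 22 from a host we never talked to (ACK scan)."""
    fw = Firewall(rules)
    pkt = Packet("tcp", "203.0.113.7", 40000, ME, 22, frozenset({"ACK"}))
    return fw.check(pkt)[0]


if __name__ == "__main__":
    for name, rules in [("static", STATIC), ("established", WITH_ESTABLISHED),
                        ("keep-state", WITH_KEEP_STATE)]:
        out, back = fetch_flow(rules)
        print(f"{name:12} fetch: out={out} in={back}  unsolicited ACK: {unsolicited_ack(rules)}")
```

The run reproduces the thread: with the static rules the SYN-ACK from Yandex hits 64000 and `fetch` hangs until timeout; either fix lets it back in. The last column is the caveat worth knowing before copying rule 600: `established` is stateless and admits any TCP packet with ACK set, including one from a host you never connected to, whereas `keep-state` only admits replies to flows the dynamic table has seen.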
