With this:

ipfw add 5000 nat 15 ip from any to any via em0
ipfw nat 15 config log same_ports if em0

added to the firewall, the local CUPS instance won't print.
Also, ssh (PuTTY) can't connect from the same /8.
Without it, both work.
The ipfw rules - without line 5000 - are appended.
What do I need to add to resolve this?

        Respectfully,

                                        Robert Huff


00100 19769284 8649860985 allow ip from any to any via lo0
00200        0          0 deny ip from any to 127.0.0.0/8
00300        0          0 deny ip from 127.0.0.0/8 to any
00350   187476   71173934 allow udp from any 67-68 to any dst-port 67-68
06000        0          0 deny log tcp from any to any dst-port 137 in via em0
06050       32       3000 deny log udp from any to any dst-port 137 in via em0
06100        0          0 deny log tcp from any to any dst-port 138 in via em0
06150     4039     967213 deny log udp from any to any dst-port 138 in via em0
06200        0          0 deny log tcp from any to any dst-port 139 in via em0
06250        0          0 deny log udp from any to any dst-port 139 in via em0
07000        0          0 deny log tcp from any to any dst-port 111 in via em0
07050        0          0 deny log udp from any to any dst-port 111 in via em0
07100        0          0 deny log tcp from any to any dst-port 530 in via em0
07150        0          0 deny log udp from any to any dst-port 530 in via em0
07200        0          0 deny log logamount 100 tcp from any to any dst-port 161 in recv em0
07225        0          0 deny log logamount 100 udp from any to any dst-port 161 in recv em0
07250        0          0 deny log logamount 100 tcp from any to any dst-port 162 in recv em0
07275        0          0 deny log logamount 100 udp from any to any dst-port 162 in recv em0
07300        0          0 deny log tcp from any to any dst-port 194
07310        0          0 deny log udp from any to any dst-port 194
07320        0          0 deny log tcp from any to any dst-port 529
07330        0          0 deny log udp from any to any dst-port 529
07340        0          0 deny log tcp from any to any dst-port 994
07350        0          0 deny log udp from any to any dst-port 994
07360      335      13400 deny log tcp from any to any dst-port 6667
07370        3        603 deny log udp from any to any dst-port 6667
10000 23928192 7554903291 allow tcp from any to any established
10100   578246   43710271 allow ip from any to any out via em0
10200    16635     798480 allow tcp from 10.0.0.0/8 to any dst-port 80
10300        0          0 allow tcp from any 80 to any dst-port 1024-65535 via em0
10400        0          0 allow tcp from any 443 to any dst-port 1024-65535 via em0
10500        0          0 deny log tcp from any 1024-65535 to any dst-port 80 via em0
10600      113       5844 deny log tcp from any 1024-65535 to any dst-port 443 via em0
65000   753790  117719801 allow ip from any to any
65535       12       1157 deny ip from any to any
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw