Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
[suse-security] Understanding IP-Forwarding with ipfwadm
  • From: "Jens Leilich" <Jens.S.Leilich@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 23 Mar 2000 11:32:57 MET
  • Message-id: <200003231035.LAA32234@xxxxxxxxxxxxxxxxxxx>
> # disable proxy, works!
> /sbin/ipfwadm -F -a reject -P tcp -S e00 -D 192.168.251.2 81
> # enable web-server, works
> /sbin/ipfwadm -F -a accept -S e00 -D 192.168.251.2
> # disable rest of the world, doesn't work
> /sbin/ipfwadm -F -a reject -P tcp -S e00 -D 0.0.0.0
> why does the last rule not work and connection (http) is possible via masquerading?

Found the solution:
/sbin/ipfwadm -F -a reject -P tcp -S e00 -D 0.0.0.0/0
The "/0" was missing, so 0.0.0.0 was interpreted as a single computer, not
as a network.

Jens Leilich

---
jens.leilich@xxxxxxxxxxxxxxxxxxxxx, http://bbst1.lu.rp.schule.de
BBS Technik I Ludwigshafen, Franz-Zang-Str. 3-7, 67059 Ludwigshafen
Telefon +49 621 504-4110 (Anrufbeantworter) (Answering Machine)
+49 621 504-4101 (Sekretariat)
Telefax +49 621 504-3789

< Previous Next >
References