[LUAU] ipfwadm -W

Chris Wong wongc at math.ed.hawaii.edu
Wed Jun 30 17:47:11 PDT 1999 

On Wed, 30 Jun 1999, Mark Robinson wrote:

> Hi I am have a small lan that works well with wide open forwarding and
> masq through my RR box.(RH5.2)

> I have been trying to work up a firewall using ipfwadm and the Fire
> wall tool at http://rlz.ne.mediaone.net/linux/firewall/index.html
> 
> I think I uderstand the filter concept, but am having trouble with one
> of the rule styles the firewall tool generates. It sets a variable
> EXTERNAL_INTERFACE ="eth0". This is the interface used with DHCPC that
> connects to RR, or LOOPBACK_INTERFACE= "lo". It uses the following
> syntax:

Correct me if I'm wrong but lo shoudl NOT be connected to the dhcpcd
interface.

> ipfwadm -O -a accept -W $LOOPBACK_INTERFACE .
> 
> Comment for this line says "Unlimited trafic on loopback interface."
> 
> I understand this to say accept any packets from the loopback
> interface destined for anywhere.

Actually, it's an output chain. It'll allow any traffic on the loopback.
It is kind of what you want.

> When I list the resulting rule :ipfwadm -O -l  ,  I get :
> 
> acc all anywhere  anywhere.

yep. ipfwadm -O -l does NOT list the interface specific info
try ipfwadm -O -l -e

> I think the problem is in the use of the -W parameter. This is
> supposed to designate the name of an interface, but it is not able to
> evaluate lo so it defaults to anywhere. The gateway box knows about
> lo,eth0,eth1 according to ifconfig, and they are active. So any ideas
> as to what -W name is supposed to evaluate to? IP Address? I can edit
> the script to do so , but how do you think it is supposed to work?

Seems to be okay. Personally it's redundant to add some chains to an
interface that allows all traffic.

I believe you're supposed to be looking at eth1's firewalling rules.

If you so choose, pass your entire firewall script for me to look at.

--
chris


--
-     __   __  __________  __
-    / /  / / / / __  / / / /  Home Page: http://luau.hi.net
-   / /__/ /_/ / /_/ / /_/ /
-  /____/\____/_/ /_/\____/  LUAU - Linux Users AnonymoUs - Hawaii

-   To unsubscribe: echo unsubscribe luau | mail majordomo at luau.hi.net
-           LUAU meetings are the 3rd Tuesday of each month 6pm
-                   Manoa Innovation Center Meeting Room

More information about the LUAU mailing list