ipfwadm question

Discussion in 'Computer Science & Culture' started by mouse, Aug 30, 2004.

Thread Status:
Not open for further replies.
  1. mouse can't sing, can't dance Registered Senior Member

    Ok, I am trying to delete a rule from my firewall which has the following format:

    Code:
    type  prot source    destination  ports
    deny  tcp  anywhere  anywhere     any -> 22
    
    So, I thought I could use:
    Code:
    ipfwadm -I -d deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 22
    
    Which only results in the error:

    Code:
    ipfwadm: setsockopt failed: Invalid argument

    I'm guessing it's complaining about the 0.0.0.0/0 in the source and destination arguments, but in my mind it's the only way to specify "anywhere". Isn't it? In sheer desperation, I tried any/0 and other similar variants, but still no go.

    I've Googled around, but mostly I found mirrors of man pages. Does anyone have a clue how to go about this?
     
  3. Stryder Keeper of "good" ideas. Valued Senior Member

    Perhaps 127.0.0.1 should be used instead. (You'll have to forgive me, I don't actually use ipfwadm; however, localhost is usually referred to as 127.0.0.1 as opposed to 0.0.0.0.)

    Or apparently you can get away with 0/0 instead of 0.0.0.0/0

    What I was looking at:
    http://fwtk.ayamura.org/ipfwadm/faq/ipfwadm-faq-4.html#ss4.10
     
  5. mouse can't sing, can't dance Registered Senior Member

    Yes, localhost is. But I'm trying to refer to anywhere, including localhost and, well, the entire Internet.

    Good one. Unfortunately, it failed and resulted in the same error.

    Wow, that is quite a well documented rule set, thanks for finding it! I noticed that most of these example sets start by wiping the ip tables clean and rebuilding them from scratch. Maybe I should take that path, rather than trying to individually delete rules.
     