[574] in linux-net channel archive
ipfw unexpected behavior
daemon@ATHENA.MIT.EDU (Kayvan Sylvan)
Sun Jun 25 20:05:49 1995
Date: Sun, 25 Jun 95 16:05 PDT
To: linux-net@vger.rutgers.edu
From: Kayvan Sylvan <kayvan@Sylvan.COM>
I'm not sure whether this is a bug or not... The ipfw man page is very
dense and unclear.

Here's what I'm doing:

######################################################################
# IP blocking for sylvan.com
#
ipfw f b # flush the blocking table
# Reject all telnet connections
ipfw add b reject tcp from 0.0.0.0/0 to satyr.sylvan.com telnet
# Except for these telnet connections
ipfw add b accept tcp from 128.17.35.186/16 to satyr.sylvan.com telnet
ipfw add b accept tcp from 128.14.0.0/16 to satyr.sylvan.com telnet
# Accept anything from sylvan-net
ipfw add b accept all from 204.153.195.0/29 to satyr.sylvan.com
######################################################################

Now, I telnet *from* satyr.sylvan.com to a machine at Berkeley, then I
do a telnet back to satyr.sylvan.com to test:

kayvan@remarque> telnet sylvan.com

Here's what happens.

Trying 204.153.195.1 ...
Connection closed by foreign host.

So far, so good.

root@satyr[/usr/adm]:599$

Huh??? I was dumped back on satyr. Why? It looks as if the telnet
connection *from* satyr was also (after the fact of the connection)
rejected.

I can reproduce this at will. Is it a bug?
---Kayvan
"The trust and respect of a child is an honor to be earned, not demanded."
Kayvan Sylvan | Sylvan Associates | Proud Dad of:
kayvan@Sylvan.COM | http://www.isp.net/~kayvan | Katherine Yelena (8/8/89)
(408) 978-1407 PGP OK | Ask me about Avatar. | Robin Gregory (2/28/92)