Technology Questions

  #1 (permalink)  
Old 02-06-2007, 04:43 PM
fudo
Newsgroup Contributor
 
Posts: n/a
some ipfw questions

I'm trying to get my head around ipfw. Using OSX's firewall gui, my
rules look like this:

[~] % sudo ipfw show
02000 17492 3044970 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02050 1298 121268 allow tcp from any to any out
02060 1309 1289318 allow tcp from any to any established
02070 0 0 allow tcp from any to any 22 in
12190 0 0 deny tcp from any to any
65535 554 68620 allow ip from any to any

I understand all of those except 02030 and 02040; what's in that range
that you don't want anything from? (ssh is enabled, btw, so I can play
sysadmin on my little three machine LAN).

Anyway, to test my comprehension, I wrote a rule like so:

[~] % sudo ipfw add 02041 deny ip from doubleclick.com to any in
02041 deny ip from 216.73.92.112 to any in

and just to check:

[~] % sudo ipfw show
02000 17492 3044970 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02041 0 0 deny ip from 216.73.92.112 to any in
02050 1298 121268 allow tcp from any to any out
02060 1309 1289318 allow tcp from any to any established
02070 0 0 allow tcp from any to any 22 in
12190 0 0 deny tcp from any to any
65535 554 68620 allow ip from any to any

OK, so now I go to a site where I know there are doubleclick ads, and
if I click on one I get a 204 no content error from my browser, so I
think it's working. But just to be sure:

[~] % sudo ipfw show
02000 18606 3190834 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02041 0 0 deny ip from 216.73.92.112 to any in <---
02050 1652 158187 allow tcp from any to any out
02060 1625 1557217 allow tcp from any to any established
02070 0 0 allow tcp from any to any 22 in
12190 2 96 deny tcp from any to any <---
65535 697 83581 allow ip from any to any

WTF? It looks to me like the doubleclick packets were passed by 02041,
but then killed by 12190. What am I missing?

--
Fudo
DAM, IJAL
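
Added example, not part of the original posts: subtracting the packet and byte counters of two `ipfw show` listings shows which rules matched traffic in between; a rule whose counters did not move matched nothing in that interval. The sample input is the second and third listings from the post above with the `<---` markers left out, and the function name `ipfw_delta` is hypothetical.

```shell
#!/bin/sh
# Added example: diff the per-rule counters of two `ipfw show` snapshots.
# Each line of `ipfw show` is: rule-number  packets  bytes  rule-text...
before='02000 17492 3044970 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02041 0 0 deny ip from 216.73.92.112 to any in
02050 1298 121268 allow tcp from any to any out
02060 1309 1289318 allow tcp from any to any established
02070 0 0 allow tcp from any to any 22 in
12190 0 0 deny tcp from any to any
65535 554 68620 allow ip from any to any'
after='02000 18606 3190834 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02041 0 0 deny ip from 216.73.92.112 to any in
02050 1652 158187 allow tcp from any to any out
02060 1625 1557217 allow tcp from any to any established
02070 0 0 allow tcp from any to any 22 in
12190 2 96 deny tcp from any to any
65535 697 83581 allow ip from any to any'

# ipfw_delta BEFORE AFTER  (hypothetical helper name)
# Prints "rule +packets +bytes rule-text" for each rule in AFTER whose
# packet counter grew since BEFORE; rules with no new matches are omitted.
ipfw_delta() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }     # separator between snapshots
        NF < 4      { next }                 # skip blank or malformed lines
        !second     { pk[$1] = $2; by[$1] = $3; next }
        {
            dp = $2 - pk[$1]; db = $3 - by[$1]
            if (dp > 0) {
                rule = $0
                sub(/^[0-9]+ +[0-9]+ +[0-9]+ +/, "", rule)  # drop the counters
                printf "%s +%d +%d %s\n", $1, dp, db, rule
            }
        }'
}

# On a live system: save `sudo ipfw show` before and after the test instead.
ipfw_delta "$before" "$after"
```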
  #2 (permalink)  
Old 02-06-2007, 04:43 PM
Koncept
Newsgroup Contributor
 
Posts: n/a
Re: some ipfw questions

In article <fudo-86622A.13014205052004@www.thurston.com>, fudo
<fudo@spamblocked.invalid> wrote:

> I'm trying to get my head around ipfw. Using OSX's firewall gui, my
> rules look like this:


Post this in the UNIX section here:

http://forums.osxfaq.com/

--
Koncept <<
"The snake that cannot shed its skin perishes. So do the spirits who are
prevented from changing their opinions; they cease to be a spirit."
-Nietzsche

  #3 (permalink)  
Old 02-06-2007, 04:43 PM
fudo
Newsgroup Contributor
 
Posts: n/a
Re: some ipfw questions

In article <050520041728487661%user@unknown.invalid>,
Koncept <user@unknown.invalid> wrote:

> In article <fudo-86622A.13014205052004@www.thurston.com>, fudo
> <fudo@spamblocked.invalid> wrote:
>
> > I'm trying to get my head around ipfw. Using OSX's firewall gui, my
> > rules look like this:

>
> Post this in the UNIX section here:
>
> http://forums.osxfaq.com/


Well, actually, after posting I realized I hadn't really done a full
test. So I tried it again after deleting the doubleclick rule, and I
still get a 204 no content error. Had nothing to do with the firewall,
by the looks of it. I need to do a little more research and testing, I
think. Meanwhile, let's see if syslog has got any firewall messages, or
if I need to figure out how to turn it on...

--
Fudo
DAM, IJAL
All times are GMT -8.

