From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Apr 24 16:16:20 1998
Received: by jaz.jp.freebsd.org (8.8.8+3.0Wbeta7/8.7.3) id QAA02492
	Fri, 24 Apr 1998 16:16:20 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.8+3.0Wbeta7/8.7.3) with ESMTP id QAA02459
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 24 Apr 1998 16:15:57 +0900 (JST)
Received: from mitchan3.sd.scc-kk.co.jp ([172.25.13.124]) by sysdsv.sd.scc-kk.co.jp (8.8.5/3.4W4) with ESMTP id QAA09467 for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 24 Apr 1998 16:17:43 +0900 (JST)
Received: from localhost.sd.scc-kk.co.jp (localhost.sd.scc-kk.co.jp [127.0.0.1]) by mitchan3.sd.scc-kk.co.jp (8.8.7/3.4Wbeta6-10/07/96) with SMTP id QAA25377 for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 24 Apr 1998 16:13:44 +0900 (JST)
Message-Id: <199804240713.QAA25377@mitchan3.sd.scc-kk.co.jp>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: Your message of "Fri, 24 Apr 1998 12:52:58 +0900"
References: <199804240352.MAA29043@lily.pi.nttdata.co.jp>
X-Mailer: Mew version 1.54 on Emacs 19.28.1, Mule 2.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Fri, 24 Apr 1998 16:13:44 +0900
From: SATO Mitsuhide <mit-sato@scc-kk.co.jp>
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: bulk
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=24]
X-Sequence: FreeBSD-users-jp 27577
Subject: [FreeBSD-users-jp 27577] Re: Why dropping packets at IPFW ?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

$B:4F#$G$9!#(B

At Fri, 24 Apr 1998 12:52:58 +0900
Mitsuru Furuya <furuya@pi.nttdata.co.jp> wrote:

furuya> DNS $B$H(B ntp $B$@$1DL$9$h$&$K@_Dj$7$?$N$G$9$,!"%m%0$r8+$k$H(B DNS $B$N(B
furuya> $B%Q%1%C%H$r7k9=(B deny $B$7$F$$$^$9!#(B

Please point it out if I am mistaken.

furuya> 00400 allow tcp from any to any established
furuya> 00500 allow tcp from any 53 to 210.154.BB.BBB setup
furuya> 00600 allow tcp from any 80 to 210.154.BB.BBB setup
furuya> 00700 allow tcp from any 123 to 210.154.BB.BBB setup
furuya> 00800 allow udp from any 53 to 210.154.BB.BBB
furuya> 00900 allow udp from any 123 to 210.154.BB.BBB
furuya> 01000 deny log ip from any to any
($BA08e>JN,$7$^$7$?(B)

domain $B$r(B UDP $B$G1?MQ$7$F$$$k$H$7$F!"(B
$B0J2<$N$h$&$J%k!<%k$,I,MW$+$H;W$&$N$G$9$,!"(B
$B4V0c$C$F$$$k$G$7$g$&$+!#(B

client		   server
src ??, dest 53	=>			(1)
		<= src 53, dest ??	(2)

(1) allow udp from any to any 53
(2) allow udp from any 53 to any

I get the feeling that there is no rule corresponding to (1).

$B$?$@!"$3$l$@$H(B allow $B$7$?$j(B deny $B$@$C$?$j$H$$$C$?8=>]$,(B
$B@bL@=PMh$J$$$N$G$9$,(B...

--
SATO Mitsuhide // <mit-sato@scc-kk.co.jp>
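
Added example (not part of the original message): a simplified first-match evaluation of the UDP rules quoted above, showing which rule a DNS query (1) and its reply (2) hit. The resolver address 192.0.2.53, the rule number 00750 and the closed default are assumptions; only protocol, addresses and ports are modelled.

```python
# Simplified model (assumption): interfaces, direction and rule options such as
# "established"/"setup" are not handled, so only the UDP and deny rules are used.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
HOST = "210.154.BB.BBB"        # masked address exactly as it appears in the post
RESOLVER = "192.0.2.53"        # constructed remote DNS server (documentation range)

def parse_rule(line):
    """Parse 'NNNNN action [log] proto from SRC [PORT] to DST [PORT]'."""
    tok = line.split()
    rest = [t for t in tok[2:] if t != "log"]
    f, t = rest.index("from"), rest.index("to")
    src, dst = rest[f + 1:t], rest[t + 1:]
    port = lambda part: int(part[1]) if len(part) > 1 else None
    return dict(num=int(tok[0]), action=tok[1], proto=rest[0],
                src=src[0], sport=port(src), dst=dst[0], dport=port(dst))

def matches(rule, pkt):
    return (rule["proto"] in ("ip", pkt.proto)
            and rule["src"] in ("any", pkt.src)
            and rule["dst"] in ("any", pkt.dst)
            and rule["sport"] in (None, pkt.sport)
            and rule["dport"] in (None, pkt.dport))

def evaluate(ruleset, pkt):
    """Return (rule number, action) of the first matching rule, in number order."""
    for rule in sorted(map(parse_rule, ruleset), key=lambda r: r["num"]):
        if matches(rule, pkt):
            return rule["num"], rule["action"]
    return None, "deny"        # assumption: closed default when nothing matches

QUOTED = [                     # UDP and deny rules as quoted in the message
    "00800 allow udp from any 53 to 210.154.BB.BBB",
    "00900 allow udp from any 123 to 210.154.BB.BBB",
    "01000 deny log ip from any to any",
]
RULE_1 = "00750 allow udp from any to any 53"  # rule (1); the number is constructed

query = Packet("udp", HOST, 1025, RESOLVER, 53)   # (1) src ??, dest 53
reply = Packet("udp", RESOLVER, 53, HOST, 1025)   # (2) src 53, dest ??

if __name__ == "__main__":
    print("reply, quoted rules:", evaluate(QUOTED, reply))
    print("query, quoted rules:", evaluate(QUOTED, query))
    print("query, with rule (1):", evaluate(QUOTED + [RULE_1], query))
```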
