IPFW dummynet after restart block myself

Hey,

I'm trying to use dummynet with ipfw, but when I restart ipfw I block myself.
Code:
# ipfw config/rules

# Flush all rules before we begin.
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add "
vif="em0"
# allow all for localhost
$cmd 00010 allow ip from any to any via lo0

# checks stateful rules.  If marked as "keep-state" the packet has
# already passed through filters and is "OK" without further
# rule matching

### Dummynet

ipfw pipe 1 config bw 10Mbit/s

# dep 1
ipfw queue 1 config pipe 1 weight 40
ipfw queue 2 config pipe 1 weight 40

# accounting
ipfw queue 3 config pipe 1 weight 5

# medium usage
ipfw queue 4 config pipe 1 weight 20

# incoming mail
ipfw queue 10 config pipe 1 weight 100

# very low
ipfw queue 11 config pipe 1 weight 1

ipfw add 0010 allow ip from any to 213.32.63.103 in via em0



$cmd 0080 reass all from any to any in

$cmd 00101 check-state
### SSH:

$cmd allow tcp from any to me dst-port 22 in via $vif setup keep-state
$cmd allow tcp from me to any dst-port 22 out via $vif setup keep-state
I'm getting an error:
Code:
"/usr/local/etc/IPFW.rules" 131L, 4761C written
[root@HardenedBSD /home/bryn1u]# service ipfw onestart
00010 allow ip from any to 213.32.63.103 in via em0
ipfw: invalid action tcp

ipfw: invalid action low
I have a few IPs, one for the host and one for the jail:
Code:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
   ether 00:25:90:55:fb:de
   hwaddr 00:25:90:55:fb:de
   inet 91.121.x.x netmask 0xffffff00 broadcast 91.121.78.255
   inet 213.32.x.x netmask 0xffffffff broadcast 213.32.63.103
Jails
Code:
[root@HardenedBSD ~]$ jls
   JID  IP Address      Hostname                      Path
     1  213.32.x.x   proton.edu.pl                 /jails/Proton
After a restart I can't connect to the server.
What am I doing wrong again :( :( ?
Thanks,
 
Quick guess, I'd say
$cmd allow tcp from any to me dst-port 22 in via $vif setup keep-state
$cmd allow tcp from me to any dst-port 22 out via $vif setup keep-state
need the rule number, i.e.
Code:
$cmd 1234 allow ....
 