Re: IPFW Problems?

From: Charles Swiger (cswiger@mac.com)
Date: Mon Apr 17 2006 - 17:29:13 CDT


On Apr 17, 2006, at 5:29 PM, Noah Silverman wrote:
[ ...redirected to freebsd-questions... ]
> Take the following rules:
>
> ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
> ipfw add 00299 deny log all from any to any out via bge0
> ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
> ipfw add 00499 deny log all from any to any in via bge0
>
> In theory, this should allow in SSH and nothing else.
>
> When I install this firewall configuration, I'm locked out of the
> box. An inspection of the logs shows that rule 499 is being
> triggered by an attempted incoming connection.

You don't have a check-state rule anywhere, so you either need to add
one or a rule to pass established traffic to and from port 22.

> Can anybody help?
>
> Also, would it be better to upgrade to ipfw2?? If so, how do I do
> that?

Add:

   options IPFW2

...to your kernel config file and rebuild the kernel (and world also,
probably).

--
-Chuck
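The following is an added illustration, not part of the original thread, of why the quoted ruleset locks the box out and how a check-state rule repairs it. It is a deliberately simplified Python model of the ipfw rule walk: keep-state and limit rules install a dynamic entry for the flow when they match, and only an explicit check-state rule consults that table. The limit counter, ipfw's implicit dynamic lookup at the first keep-state rule, and logging are left out of the model; the rule numbers and flags are the ones from the quoted message, while the IP addresses, ports and the `Rule`/`Packet` classes are constructed for the example.

```python
"""Toy model of ipfw stateful rule evaluation (added example, not ipfw itself)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

BOX_IP = "10.0.0.5"  # constructed: the address that "me" resolves to


@dataclass
class Rule:
    num: int
    action: str                       # 'allow', 'deny' or 'check-state'
    proto: str = "any"                # 'tcp' or 'any'
    dport: Optional[int] = None       # destination port, None matches any
    dst_me: bool = False              # 'to me' in the quoted rule 0430
    direction: Optional[str] = None   # 'in', 'out' or None (either)
    setup: bool = False               # SYN without ACK only
    keep_state: bool = False          # keep-state or limit: install dynamic entry


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str
    syn: bool = False
    ack: bool = False
    proto: str = "tcp"


def flow_key(p: Packet):
    """Dynamic entries match both directions of the same 5-tuple."""
    return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))


def matches(r: Rule, p: Packet) -> bool:
    if r.proto != "any" and r.proto != p.proto:
        return False
    if r.dport is not None and r.dport != p.dport:
        return False
    if r.dst_me and p.dst != BOX_IP:
        return False
    if r.direction is not None and r.direction != p.direction:
        return False
    if r.setup and not (p.syn and not p.ack):
        return False
    return True


def run(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Walk each packet of ssh_handshakes() through the rules; return (rule, verdict)."""
    dyn = {}            # flow key -> (parent rule number, parent action)
    verdicts = []
    for p in ssh_handshakes():
        verdict = None
        for r in rules:
            if r.action == "check-state":
                hit = dyn.get(flow_key(p))
                if hit is not None:   # established flow: parent rule's action applies
                    verdict = hit
                    break
                continue
            if not matches(r, p):
                continue
            if r.keep_state:
                dyn[flow_key(p)] = (r.num, r.action)
            verdict = (r.num, r.action)
            break
        verdicts.append(verdict)
    return verdicts


def op_ruleset() -> List[Rule]:
    """The four rules from the quoted message, as posted (no check-state)."""
    return [
        Rule(280, "allow", "tcp", dport=22, direction="out", setup=True, keep_state=True),
        Rule(299, "deny", direction="out"),
        Rule(430, "allow", "tcp", dport=22, dst_me=True, direction="in", setup=True, keep_state=True),
        Rule(499, "deny", direction="in"),
    ]


def fixed_ruleset() -> List[Rule]:
    """Same rules with a check-state rule ahead of the deny rules."""
    return [Rule(100, "check-state")] + op_ruleset()


def ssh_handshakes() -> List[Packet]:
    """Constructed traffic: the box opens SSH outward, then an admin connects in."""
    remote, admin = "198.51.100.7", "203.0.113.9"
    return [
        Packet(BOX_IP, 51000, remote, 22, "out", syn=True),             # box -> remote SYN
        Packet(remote, 22, BOX_IP, 51000, "in", syn=True, ack=True),    # SYN-ACK back
        Packet(BOX_IP, 51000, remote, 22, "out", ack=True),             # final ACK
        Packet(admin, 40000, BOX_IP, 22, "in", syn=True),               # admin -> box SYN
        Packet(BOX_IP, 22, admin, 40000, "out", syn=True, ack=True),    # SYN-ACK to admin
        Packet(admin, 40000, BOX_IP, 22, "in", ack=True),               # admin's ACK
    ]


if __name__ == "__main__":
    for label, rules in (("as posted", op_ruleset()), ("with check-state", fixed_ruleset())):
        print(label, run(rules))
```

Only the two SYN packets survive the posted ruleset; every later packet of both connections has the ACK bit set, so it no longer matches a `setup` rule and falls through to the catch-all deny for its direction, which is the rule 499 hit the original poster saw in the logs. With `check-state` in place, the dynamic entry installed by rule 280 or 430 carries the rest of the handshake.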

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"