On Apr 17, 2006, at 5:29 PM, Noah Silverman wrote:
[ ...redirected to freebsd-questions... ]
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
ipfw add 00499 deny log all from any to any in via bge0
In theory, this should allow in SSH and nothing else.
When I install this firewall configuration, I'm locked out of the
box. An inspection of the logs shows that rule 499 is being
triggered by an attempted incoming connection.
You don't have a check-state rule anywhere, so you either need to add
one or a rule to pass established traffic to and from port 22.
Can anybody help?
Also, would it be better to upgrade to ipfw2?? If so, how do I do
that?
Add:
options IPFW2
...to your kernel config file and rebuild the kernel (and world also,
probably).
--
-Chuck
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
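The fix Chuck describes, as an added example that is not part of the thread: the four rules above with a check-state rule placed ahead of the first deny, plus a small lint that catches the mistake before a ruleset is loaded. The rules are written in the one-rule-per-line file syntax that ipfw(8) accepts as a pathname argument (rule numbers and the bge0 interface are taken from the thread; the lint's numbering rule of thumb is an assumption, not an ipfw requirement).

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). POSIX sh + awk.
# Rulesets use ipfw's preprocessed-file syntax, one rule per line, so a
# file holding them could be loaded with:  ipfw -q /path/to/rules

# The thread's original ruleset, transcribed: keep-state and limit create
# dynamic rules, but nothing ever consults them for non-SYN packets, so the
# rest of an SSH handshake falls through to rule 499.
original_rules() {
    cat <<'EOF'
add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
add 00299 deny log all from any to any out via bge0
add 00430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
add 00499 deny log all from any to any in via bge0
EOF
}

# Corrected ruleset: an explicit check-state ahead of every deny, so packets
# belonging to an already-accepted SSH session are passed in both directions
# before the static deny rules are reached.
corrected_rules() {
    cat <<'EOF'
add 00270 check-state
add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
add 00299 deny log all from any to any out via bge0
add 00430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
add 00499 deny log all from any to any in via bge0
EOF
}

# Lint: reads a ruleset on stdin. Exit 0 when the ruleset has no dynamic
# rules, or when a check-state rule exists and is numbered at or before the
# first deny rule; otherwise print the problem and exit 1.
lint_rules() {
    awk '
        /^add [0-9]+ check-state/                 { cs = $2 + 0; have_cs = 1 }
        /keep-state|limit (src|dst)-addr/         { dyn = 1 }
        /^add [0-9]+ deny/ && !have_deny          { deny = $2 + 0; have_deny = 1 }
        END {
            if (!dyn) exit 0
            if (!have_cs) {
                print "no check-state rule: established flows will hit the deny rules"
                exit 1
            }
            if (have_deny && cs > deny) {
                print "check-state (" cs ") is numbered after the first deny (" deny ")"
                exit 1
            }
            exit 0
        }'
}

# Stand-alone usage: lint both rulesets and report.
if [ "${LINT_DEMO:-1}" = 1 ]; then
    printf 'original:  '; original_rules  | lint_rules || true
    printf 'corrected: '; corrected_rules | lint_rules && echo ok
fi
```

Running the script prints the lint verdict for both rulesets; to check a real rules file, pipe it through lint_rules (`lint_rules < /etc/ipfw.rules`) before handing it to ipfw.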