SigmaX asdf wrote:
> I'm trying to set up IPFW to block all ports except those I specify.
> For starters I'm just opening SSH.
>
> # ipfw list
> 00050 divert 8668 ip4 from any to any via rl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00301 allow log tcp from any to any dst-port 22
> 00399 deny ip from any to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> Traffic is still blocked on port 22 -- I can't login via SSH. What am
> I doing wrong, and what rule should I be using to allow SSH in and
> through?
You need to allow the return traffic. Either something like:

    ipfw add 1 allow tcp from any to any established

or:

    ipfw add 1 check-state

and change your port 22 rule to read

    ipfw allow log tcp from any to any port 22 keep-state

(check the ipfw(8) man page to be sure, I haven't touched ipfw rules in a long time and my above syntax may be a bit buggy)

-Proto
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
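To see why the original ruleset blocks the SSH handshake, here is an added example (not from the thread) that simulates ipfw's first-match evaluation over the subset of the poster's rules that matter and over the first fix Proto suggests; the `Rule`/`Packet` classes, addresses and ports are constructed for illustration.

```python
# Added example: first-match simulator for a small ipfw rule subset.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    flags: str = ""   # TCP flags, e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK)

@dataclass
class Rule:
    num: int
    action: str                  # "allow" or "deny"
    proto: str = "ip"            # "ip" matches any protocol
    dport: Optional[int] = None  # ipfw "dst-port N"
    established: bool = False    # ipfw "established": TCP with ACK or RST set

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.proto == "tcp" and set("AR") & set(p.flags)):
            return False
        return True

def verdict(rules: List[Rule], p: Packet) -> Tuple[int, str]:
    """Lowest-numbered matching rule wins, as in ipfw; 65535 is the default deny."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.matches(p):
            return r.num, r.action
    return 65535, "deny"

# The poster's rules 301/399/65000; loopback and divert rules are omitted here.
ORIGINAL = [Rule(301, "allow", "tcp", dport=22), Rule(399, "deny"), Rule(65000, "allow")]
# Proto's first suggestion: allow established TCP ahead of everything else.
FIXED = [Rule(1, "allow", "tcp", established=True)] + ORIGINAL

# Constructed packets: the client's SYN to port 22 and the server's SYN-ACK reply.
SYN_IN = Packet("tcp", "203.0.113.5", "192.0.2.10", 51000, 22, "S")
SYNACK_OUT = Packet("tcp", "192.0.2.10", "203.0.113.5", 22, 51000, "SA")

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "SYN in:", verdict(rs, SYN_IN), "SYN-ACK out:", verdict(rs, SYNACK_OUT))
```

The reply has source port 22, not destination port 22, so under the original rules it falls through rule 301 and dies at 399; with the `established` rule in front it is accepted at rule 1.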
