I am not very experienced in using ipfilter, so I have several questions. Sorry if these look like ones from the FAQ, but I was not able to find an answer in the FAQ or the mailing list archives. So I hope someone will have some comments about these.
1. In all examples, rules use "flags S/SA" to check for incoming connections. Why not "flags S"? Also, for established connections the suggestion is to use "flags A/A". Why not "flags A"?
2. I have these rules:
pass out quick all keep state
block in log all head 110
pass in log quick proto icmp from any to any icmp-type echo group 110
pass in log quick proto tcp from any to any port = 22 flags S keep state group 110
So I supposed that all outgoing connections should pass without problems ("keep state" points to that), while incoming connections would allow only ping replies and ssh connections.
But actually some services are not working without an additional rule:
pass in log quick proto tcp all flags A group 110
Output from snoop is:
client -> server TCP D=2049 S=1023 Syn Seq=66604823 Len=0 Win=49640 options=<mss 1460,nop,nop,sackOK>
server -> client TCP D=1023 S=2049 Ack=20849184 Seq=3786225728 Len=0 Win=8760
3. My intention is to protect the machine, not to establish a firewall between public/private nets. I am going to block incoming services by default, allow only authorized ones (like ssh, for example), and allow all outgoing service requests to run transparently. My question is: is there a set of rules to allow NIS, NFS and related service requests to pass in for a client (now I allow all UDP traffic from the NIS/NFS servers)? Does anybody have a set of rules to share with me for use on NFS and NIS servers, to serve NFS and NIS related services only?
Thank you in advance for your help. I will also appreciate not only quick solutions, but also possible links to documents on the web and other available information on this.
With best regards,
Martynas
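An added example, not from the original message, to make the "S/SA" versus "S" question concrete: ipfilter matches a "flags X/Y" clause when the packet's TCP flags masked by Y equal X. The code assumes that a bare "flags S" uses the full FSRPAU mask (an assumption, labelled in the code), and runs the two snoop lines quoted above through several clauses.

```python
import re

# TCP flag bits under the single-letter names ipfilter uses: F, S, R, P, A, U.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
ALL_FLAGS = sum(TCP_FLAGS.values())
# How snoop names the flags in its one-line summary ("Syn", "Ack=...", ...).
SNOOP_NAMES = {"Fin": "F", "Syn": "S", "Rst": "R", "Push": "P", "Ack": "A", "Urg": "U"}


def parse_flag_spec(spec):
    """Turn a clause such as 'S/SA' into (wanted bits, mask bits).

    ipfilter semantics: the packet matches when (flags & mask) == wanted.
    Assumption for this example: a bare 'flags S' uses the full mask,
    so every flag not listed must be clear.
    """
    wanted, _, mask = spec.partition("/")
    wanted_bits = sum(TCP_FLAGS[c] for c in wanted)
    mask_bits = sum(TCP_FLAGS[c] for c in mask) if mask else ALL_FLAGS
    return wanted_bits, mask_bits


def flags_match(packet_flags, spec):
    wanted, mask = parse_flag_spec(spec)
    return (packet_flags & mask) == wanted


def snoop_flags(line):
    """Read the TCP flag bits out of a one-line snoop summary."""
    bits = 0
    for name, letter in SNOOP_NAMES.items():
        if re.search(rf"\b{name}\b", line):
            bits |= TCP_FLAGS[letter]
    return bits


def matching_specs(line, specs):
    """Return the 'flags' clauses that would match the packet on this snoop line."""
    bits = snoop_flags(line)
    return [s for s in specs if flags_match(bits, s)]


# The two snoop lines quoted in the message above.
SNOOP_LINES = [
    "client -> server TCP D=2049 S=1023 Syn Seq=66604823 Len=0 Win=49640 options=<mss 1460,nop,nop,sackOK>",
    "server -> client TCP D=1023 S=2049 Ack=20849184 Seq=3786225728 Len=0 Win=8760",
]
SPECS = ["S", "S/SA", "A", "A/A"]

if __name__ == "__main__":
    for line in SNOOP_LINES:
        print(line.split(" TCP ")[0], "matches", matching_specs(line, SPECS))
    syn_push = TCP_FLAGS["S"] | TCP_FLAGS["P"]  # constructed SYN with an extra bit set
    print("SYN+PSH under 'S' vs 'S/SA':", flags_match(syn_push, "S"), flags_match(syn_push, "S/SA"))
```

The SYN-only line matches both "S" and "S/SA", the ACK-only reply matches only the "A" forms, and a SYN carrying any extra bit is where "S" (full mask) and "S/SA" (only S and A examined) give different answers.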