I have installed ipfilter on QNX 6.3. I would like to
implement a firewall, with the first attempt to block
everthing.
I have no success, it is as if the firewall to totally
bypassed. Repeated ipfstat indicates no activity
whatsoever.
I hope somebody can help.
Regards,
Francois
# io-net -ptcpip -dspeedo
# ifconfig en0 192.168.11.67/24
# mount -T io-net -o file=/etc/ipf.conf
/lib/dll/nfm-ipfilter.so
IP Filter: v3.4.6 initialized. Default = pass all, Logging
= enabled
IP Filter: v3.4.6
# uname -a
QNX localhost 6.3.0 2004/04/29-21:23:19UTC x86pc x86
# isainfo -vk
sh: isainfo: not found
# ifconfig -a
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33212
capabilities=7<IP4CSUM,TCP4CSUM,UDP4CSUM>
enabled=0<>
inet 127.0.0.1 netmask 0xff000000
en0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu
1500
address: 00:07:b8:00:19:e3
inet 192.168.11.67 netmask 0xffffff00 broadcast
192.168.11.255
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs
Use Mtu Interface
default 192.168.11.1 UG 1
680 - en0
127.0.0.1 127.0.0.1 UH 0
0 33212 lo0
192.168.11 link#2 UC 1
0 - en0
192.168.11.1 00:10:b5:3a:84:1b UHLc 2
29 - en0
# netstat -i
Name Mtu Network Address Ipkts Ierrs
Opkts Oerrs Colls
lo0 33212 <Link> 0 0
0 0 0
lo0 33212 loopback localhost.localdo 0 0
0 0 0
en0 1500 <Link> 00:07:b8:00:19:e3 1060 0
717 0 0
en0 1500 192.168.11 192.168.11.67 1060 0
717 0 0
# netstat -s -P 80c1420
TCP Protocol Control Block at 0x080c1420:
Timers:
REXMT: 0 PERSIST: 0 KEEP: 1718291
2MSL: 0
State: ESTABLISHED, flags 0x39e0, inpcb 0x80bd12c, in6pcb
0x0
rxtshift 0, rxtcur 5, dupacks 0
peermss 1460, ourmss 1460, segsz 500
snd_una 4094588214, snd_nxt 4094588214, snd_up 4094588214
snd_wl1 820953964, snd_wl2 4094588214, iss 4094588167,
snd_wnd 17520
rcv_wnd 17520, rcv_nxt 820954210, rcv_up 820953964, irs
820953769
rcv_adv 820971730, snd_max 4094588214, snd_cwnd 2000,
snd_ssthresh 370761500
rcvtime 2223, rtttime 0, rtseq 4094588197, srtt 60, rttvar
13, rttmin 2, max_sndwnd 17520
oobflags 0, iobc 0, softerror 0
snd_scale 0, rcv_scale 0, req_r_scale 0, req_s_scale 0
ts_recent 5679466, ts_regent_age 3, last_ack_sent 820954210
# ipf -V
ipf: IP Filter: v3.4.6 (256)
Kernel: IP Filter: v3.4.6
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
# ipfstat
input packets: blocked 0 passed 0 nomatch 0
counted 0 short 0
output packets: blocked 0 passed 0 nomatch 0
counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none
# ipfstat -io
block out from any to any
block in from any to any
# ipnat -slv
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 0
table 80476c4 list 0
List of active MAP/Redirect filters:
List of active sessions:
#
______________________________________________________________
http://www.webmail.co.za the South African FREE email service
