John Doe wrote:
Hi,
I am running a FreeBSD 5.3 firewall running
ipf: IP Filter: v3.4.35 (336)
Kernel: IP Filter: v3.4.35
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
with SSH active, and I have defined rules to block all incoming traffic apart
from a particular IP (rules attached at end of message). My problem is that for
some reason, when I boot the machine and I portscan it, SSH is fully open to
anyone trying to access it from the internet:
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-06-07 14:55 EDT
Interesting ports on adsl-xxx-xx-xxx-xxx.xxxx.xx (xx.xx.xx.xx):
(The 1662 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
22/tcp open  ssh
I have found out that by doing a /etc/./netstart and restarting the network,
the defined ipf rules then function correctly and SSH is blocked (the
count for "block return-rst in quick on tun0 proto tcp from any to any" starts
increasing).
What I would like to know is if this is a known problem or if it is by design
that this happens, or is it just FreeBSD that acts this way and I should post
this question on their mailing list? Can anyone shed some light on this or on how I
can debug this?
regards
Rekkie
-snip-
Are you sure you have the ruleset loaded? What is in your /etc/rc.conf?
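As an added example (not part of the original thread), the following sh script does what the reply asks: it reads an rc.conf and reports whether rc.d/ipfilter will load a ruleset at boot at all. The knob names (ipfilter_enable, ipfilter_rules, ipfilter_flags, ipmon_enable) are the real FreeBSD rc.conf variables, and /etc/ipf.rules is the stock default from /etc/defaults/rc.conf; the two rc.conf files it parses are constructed samples, not the poster's configuration, and the hostname in them is invented.

```shell
#!/bin/sh
# Added example, not code from the original thread. Parses an rc.conf the way
# the rc framework effectively does (it is a sourced shell fragment, so the
# last assignment of a variable wins) and says whether IP Filter rules will be
# loaded at boot. Sample rc.conf contents below are constructed.

# rcconf_get FILE VAR: print the effective value of VAR from FILE.
# Skips comment lines, takes the last assignment, strips a trailing comment
# and surrounding quotes. Exit status 1 if VAR is never assigned.
rcconf_get() {
    _file=$1
    _var=$2
    _line=$(grep -E "^[[:space:]]*${_var}=" "$_file" | tail -n 1)
    [ -n "$_line" ] || return 1
    _val=${_line#*=}          # drop 'var='
    _val=${_val%%#*}          # drop trailing '# comment'
    _val=$(printf '%s' "$_val" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                                     -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
    printf '%s\n' "$_val"
}

# ipfilter_status FILE: prints one of
#   disabled           ipfilter_enable is absent or not YES, so rc.d/ipfilter
#                      loads nothing at boot and the kernel keeps whatever
#                      "ipf -V" reports as Default (pass all in the post above)
#   enabled:RULESFILE  rc.d/ipfilter will load RULESFILE at boot
# Exit status 0 when enabled, 1 otherwise.
ipfilter_status() {
    _f=$1
    _en=$(rcconf_get "$_f" ipfilter_enable) || _en=NO
    case $_en in
        [Yy][Ee][Ss]) ;;
        *) echo disabled; return 1 ;;
    esac
    # /etc/defaults/rc.conf sets ipfilter_rules="/etc/ipf.rules" when unset
    _rules=$(rcconf_get "$_f" ipfilter_rules) || _rules=/etc/ipf.rules
    echo "enabled:$_rules"
    return 0
}

# live_check: on the firewall itself, trust the kernel rather than rc.conf.
# ipfstat -io lists the loaded in/out rules (and says so when a list is empty).
live_check() {
    command -v ipfstat >/dev/null 2>&1 || { echo "ipfstat not available here"; return 1; }
    ipfstat -io
}

# Constructed sample rc.conf files (hostname is made up).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_NO_IPF="$SAMPLE_DIR/rc.conf.no-ipf"
SAMPLE_IPF="$SAMPLE_DIR/rc.conf.ipf"

cat > "$SAMPLE_NO_IPF" <<'EOF'
hostname="fw.example.net"
sshd_enable="YES"
ppp_enable="YES"
# ipfilter_enable="YES"    <- commented out: no ruleset is loaded at boot
EOF

cat > "$SAMPLE_IPF" <<'EOF'
hostname="fw.example.net"
sshd_enable="YES"
ppp_enable="YES"
ipfilter_enable="YES"            # load IP Filter rules at boot
ipfilter_rules="/etc/ipf.rules"  # ruleset file
ipfilter_flags=""
ipmon_enable="YES"               # log matches via ipmon(8)
EOF

for f in "$SAMPLE_NO_IPF" "$SAMPLE_IPF"; do
    printf '%s: %s\n' "$f" "$(ipfilter_status "$f")"
done
```

If the real /etc/rc.conf comes back "disabled", nothing will be loaded until something runs the rules file by hand; after fixing rc.conf, `ipf -Fa -f /etc/ipf.rules` flushes and reloads the ruleset without a reboot, and `ipfstat -io` (or `ipf -V`, whose "Active list" the post shows) confirms what the kernel actually holds.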