Hello.
I've searched and searched for any info on this situation and have not
had any luck. Any help is much appreciated!
I'm trying to use ipf to restrict web traffic on a terminal server to
our internal web sites only. I have a pretty simple set of rules in and
the 'restricting' part is working fine. The problem I'm having is that
even though my block rule is in with 'return-rst' it does not seem to be
working. Prohibited outbound connections still take many seconds to time
out instead of just being refused.
I have verified that return-rst does work for INbound connections,
albeit with the IRE/cache/route/arp bug that I have read about on
Solaris 10. I have checked (with ipmon) that the return packets are not
being blocked by ipf. In addition to return-rst, I have also tried
return-icmp and return-icmp-as-dest with the same result.
Here is my config:
block in log on e1000g0 all
block return-rst in log on e1000g0 proto tcp all
block out log on e1000g0 all
block return-rst out log on e1000g0 proto tcp all
pass out on e1000g0 from any to x.x.0.0/16 keep state
(x.x.0.0/16 is our campus network)
So far I have been trying this with the built-in ipf on Solaris 10
(4.1.9). I am working on getting ipf 5.1.0 installed on the server to
see if that makes any difference. I realize that this isn't a Solaris
support list. I'm just looking for any insight on this specific issue
with return-rst on outbound connections. Should it work? Is this a bug?
Has it been fixed in a later version of ipf or is it a Solaris bug?
Or feel free to suggest a better way to accomplish what I'm trying to do
if you know one.
Thanks much!
-Brian
--
----------------------------------------
Brian H. Nelson
Network Security Analyst
Network and Telecommunications Services
Youngstown State University
bnelson[at]cis[dot]ysu[dot]edu
----------------------------------------
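Added example, not part of the original post: a small probe that distinguishes the three outcomes the question is about, a connect that completes, one that is refused immediately (what a working return-rst rule should produce), and one that silently times out (SYN dropped). The host and port passed in are assumed placeholders for whatever external site the rules are meant to block.

```python
import errno
import socket
import time


def probe_tcp(host, port, timeout=5.0):
    """Attempt one TCP connect and classify how the firewall path behaved.

    Returns (verdict, elapsed_seconds). Verdicts:
      'connected'   - handshake completed (traffic allowed)
      'refused'     - RST received (what a working return-rst rule produces)
      'timed_out'   - no reply within timeout (SYN silently dropped)
      'unreachable' - ICMP unreachable / local routing error (return-icmp variants)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((host, port))
        return "connected", time.monotonic() - start
    except socket.timeout:
        # No SYN-ACK or RST at all: the block rule dropped the packet silently.
        return "timed_out", time.monotonic() - start
    except OSError as e:
        elapsed = time.monotonic() - start
        if e.errno == errno.ECONNREFUSED:
            # A RST came back, so the connect failed without waiting.
            return "refused", elapsed
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", elapsed
        raise
    finally:
        s.close()


def rst_is_effective(host, port, timeout=5.0, budget=1.0):
    """True only if the connect was refused faster than `budget` seconds,
    i.e. the blocking rule answered with a RST instead of dropping the SYN."""
    verdict, elapsed = probe_tcp(host, port, timeout)
    return verdict == "refused" and elapsed < budget


if __name__ == "__main__":
    # Placeholder destination; substitute a site the block rule should cover.
    print(probe_tcp("192.0.2.10", 80, timeout=5.0))
```

Run it once against an allowed internal site and once against a blocked external one; a correctly working return-rst rule shows 'refused' in well under a second, while 'timed_out' means the RST never reached the local stack.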