Hello,
we have some Solaris 10 servers running the following version of ipfilter:
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: no
Log Flags: 0 = none set
Default: nomatch -> block all, Logging: available
Active list: 0
Feature mask: 0x107
The following broadcast packets are being blocked inbound according to ipmon.
17/03/2011 18:19:04.498382 e1000g0 @0:43 b 10.239.139.32,45960 -> 255.255.255.255,5735 PR udp len 20 181 IN low-ttl
17/03/2011 18:19:04.498485 e1000g2 @0:43 b 10.239.138.32,45960 -> 255.255.255.255,5735 PR udp len 20 181 IN low-ttl
The inbound rules are below, however I would expect the highlighted line (***)
to allow the packet. To allow inbound packets to 255.255.255.255 do we need to
explicitly use this address, or should "any" be allowing this in?
pass in quick on lo0 all keep state keep frags
pass in quick from 172.21.1.4/32 to any port = 22 keep state keep frags
pass in quick from 172.21.1.6/32 to any port = 22 keep state keep frags
pass in quick from 10.239.138.100/32 to any port = 22 keep state keep frags
pass in quick from 10.239.162.100/32 to any port = 22 keep state keep frags
pass in quick from 10.239.158.39/32 to any port = 22 keep state keep frags
pass in quick from 10.239.158.40/32 to any port = 22 keep state keep frags
pass in quick from 10.239.158.41/32 to any port = 22 keep state keep frags
pass in quick from 10.239.162.30/32 to any port = 22 keep state keep frags
pass in quick from 10.239.162.31/32 to any port = 22 keep state keep frags
pass in quick from 10.239.162.32/32 to any port = 22 keep state keep frags
block in quick from any to any port = 22
pass in quick from 10.239.128.0/17 to any port = 1521 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 3032 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 3232 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 7565 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 7778 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 8598 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 9998 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 21807 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 21808 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 21809 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 21810 keep state keep frags
pass in quick from 10.239.128.0/17 to any port = 21901 keep state keep frags
pass in quick proto udp from any to any port = 5735 keep state (***)
pass in quick proto udp from any to any port = 5736 keep state
pass in quick proto tcp from any to any port = 3153 keep state
pass in quick proto tcp from any to any port = 5735 keep state
pass in quick proto tcp from any to any port = 5736 keep state
pass in quick proto udp from 10.239.138.100/32 to any port = snmpd keep state keep frags
pass in quick proto udp from 10.239.162.100/32 to any port = snmpd keep state keep frags
pass in quick from 172.17.26.28/32 to any port = 3144 keep state keep frags
pass in quick from 172.17.26.30/32 to any port = 3144 keep state keep frags
pass in quick from 172.17.23.58/32 to any port = 3144 keep state keep frags
pass in quick from 172.17.23.59/32 to any port = 3144 keep state keep frags
pass in quick from 172.17.23.60/32 to any port = 3144 keep state keep frags
pass in quick from 172.17.26.28/32 to any port = 443 keep state keep frags
pass in quick from 172.17.26.30/32 to any port = 443 keep state keep frags
pass in quick from 172.17.23.58/32 to any port = 443 keep state keep frags
pass in quick from 172.17.23.59/32 to any port = 443 keep state keep frags
pass in quick from 172.17.23.60/32 to any port = 443 keep state keep frags
pass in quick proto icmp from any to any
block in log quick all
Thanks Craig
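
Added example, not part of the original post: a small Python helper that reads the `@group:rule` field of an ipmon line and looks up which rule in the posted inbound list logged the packet, alongside any earlier rule that names the same protocol and port. It assumes the posted list is the complete group 0 inbound ruleset in kernel order and that ipmon rule numbers are 1-based, as `ipfstat -in` prints them; `explain`, `RULES` and `SAMPLE` are hypothetical names.

```python
import re

# Inbound rules rebuilt from the post, in the order listed there (assumed to be
# the complete group 0 inbound list as loaded in the kernel).
KSF = " keep state keep frags"
SSH = ["172.21.1.4", "172.21.1.6", "10.239.138.100", "10.239.162.100",
       "10.239.158.39", "10.239.158.40", "10.239.158.41",
       "10.239.162.30", "10.239.162.31", "10.239.162.32"]
APP_PORTS = [1521, 3032, 3232, 7565, 7778, 8598, 9998,
             21807, 21808, 21809, 21810, 21901]
MGMT = ["172.17.26.28", "172.17.26.30", "172.17.23.58", "172.17.23.59", "172.17.23.60"]
RULES = (
    ["pass in quick on lo0 all" + KSF]
    + [f"pass in quick from {h}/32 to any port = 22{KSF}" for h in SSH]
    + ["block in quick from any to any port = 22"]
    + [f"pass in quick from 10.239.128.0/17 to any port = {p}{KSF}" for p in APP_PORTS]
    + [f"pass in quick proto udp from any to any port = {p} keep state" for p in (5735, 5736)]
    + [f"pass in quick proto tcp from any to any port = {p} keep state" for p in (3153, 5735, 5736)]
    + [f"pass in quick proto udp from {h}/32 to any port = snmpd{KSF}"
       for h in ("10.239.138.100", "10.239.162.100")]
    + [f"pass in quick from {h}/32 to any port = {p}{KSF}" for p in (3144, 443) for h in MGMT]
    + ["pass in quick proto icmp from any to any", "block in log quick all"]
)

# Fields of an ipmon packet line: interface, @group:rule, action, endpoints, flags.
IPMON = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"[\d.]+,\d+ -> [\d.]+,(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ \d+ (?:IN|OUT)(?P<flags>.*)")

def explain(line, rules=RULES):
    """Return the rule ipmon names and earlier rules for the same proto/port."""
    m = IPMON.search(line)
    if m is None:
        raise ValueError("not an ipmon packet line: %r" % line)
    n, proto, dport = int(m["rule"]), m["proto"], int(m["dport"])
    if not 1 <= n <= len(rules):
        raise IndexError("rule %d is outside the supplied list" % n)
    # Textual match only: rules before the logged one naming this proto and port.
    want = re.compile(r"proto %s\b.*port = %d\b" % (re.escape(proto), dport))
    earlier = [i for i, r in enumerate(rules[:n - 1], 1) if want.search(r)]
    return {"logged_rule": rules[n - 1], "earlier_same_port": earlier,
            "flags": m["flags"].split()}

# First log line from the post, unwrapped onto one line.
SAMPLE = ("17/03/2011 18:19:04.498382 e1000g0 @0:43 b 10.239.139.32,45960 -> "
          "255.255.255.255,5735 PR udp len 20 181 IN low-ttl")

if __name__ == "__main__":
    print(explain(SAMPLE))
```

On a live host, `ipfstat -in` prints the loaded inbound rules with their numbers, which removes the need for the first assumption.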