On 16 Mar 2013 at 0:16, Michael David wrote:

> Folks,
>
> I have a problem with IPFILTER. I have tried many things but am at my wits'
> end :-(
>
> I have a block-by-default setup, .
>
> I want to allow ALL outgoing traffic on wm0 and only allow ssh and http in
> on wm0
>
> My rules are as follows:
> *
> pass out quick on any all *//this I believe will take care of lo0 also*
>
> pass in quick on wm0 proto tcp from any to any port = 22 keep state
> pass in quick on wm0 proto tcp from any to any port = 80 keep state*
>
> When I enable the firewall, ALL traffic is completely blocked - in effect I
> am cut off from my server.
>
> What am I doing wrong? Kindly help.
>
My rules are:

ipf.conf:
pass out log first quick on vr1 proto tcp from <my_ip> to \
    any port = 22 flags S keep state keep frags
pass in log first quick on vr1 proto tcp from <good_ip> to \
    <my_ip> port = 22 flags S keep state keep frags

sshd_config:
Allowusers myusername anotherusername

hosts.allow:
sshd : <friendly_ip> : allow

Some of my PCs have minimal memory, so e.g. sshd and ftpd are started from inetd.

David