ipfilter rule will not load

2006-04-25 Thread Aaron Siegel 
Hello
I cannot get ipfilter to load any rules. When I type in the iptest command I 
receive the following output:
[EMAIL PROTECTED]# ipftest
no rules loaded

I used the example found in the /usr/share/examples directory I am unable to 
load the firewall. I have tried to load the file though

# ipf -Fa -f /etc/ipf.rules

I have posted my configuration bellow

Thank you
Aaron




Kernel
#IPFILTER
options IPFILTER
options IPFILTER_LOG
#optionsIPFILTER_DEFAULT_BLOCK

/etc/rc.conf
ipfilter_enable=YES
ipfilter_rules=/etc/ipf.rules
ipmon_enable=YES
ipmon_flags=-Dsn
ipnat_enable=YES
ipnat_rules=/etc/ipnat.rules


/etc/syslog.conf
security.*  /var/log/ipfilter.log
security.info   /var/log/firewall.info
security.notice /var/log/firewall.notice
security.warning/var/log/firewall.warning
security.err/var/log/firewall.err
 
/etc/ipf.rules (small excerpt)# Allow in standard www function because I have 
apache server
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state

# Allow access to the zope server 8080
pass in quick on dc0 proto tcp from any to any port = 8080 flags S keep state
pass in quick on dc0 proto udp from any to any port = 8080 keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public Internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
#pass in quick on dc0 porto udp from any to any port = 23 keep state


# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
pass in quick on dc0 proto udp from any to any port = 22 keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a .denial of service. attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfilter rule will not load

2006-04-25 Thread Ron Wilhoite 

On 4/25/2006 1:19 PM, Aaron Siegel wrote:

Hello
I cannot get ipfilter to load any rules. When I type in the iptest command I 
receive the following output:

[EMAIL PROTECTED]# ipftest
no rules loaded



man ipftest says:

At least one of -N, -P or -r must be specified.

Sounds like you want:

# ipftest -r /etc/ipf.rules

Ron Wilhoite
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]