Hello
I cannot get ipfilter to load any rules. When I type in the ipftest command I
receive the following output:
[EMAIL PROTECTED]# ipftest
no rules loaded
I used the example found in the /usr/share/examples directory, but I am unable to
load the firewall. I have tried to load the file through
# ipf -Fa -f /etc/ipf.rules
I have posted my configuration below
Thank you
Aaron
Kernel
#IPFILTER
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
/etc/rc.conf
ipfilter_enable=YES
ipfilter_rules=/etc/ipf.rules
ipmon_enable=YES
ipmon_flags=-Dsn
ipnat_enable=YES
ipnat_rules=/etc/ipnat.rules
/etc/syslog.conf
security.* /var/log/ipfilter.log
security.info /var/log/firewall.info
security.notice /var/log/firewall.notice
security.warning /var/log/firewall.warning
security.err /var/log/firewall.err
/etc/ipf.rules (small excerpt)
# Allow in standard www function because I have
apache server
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state
# Allow access to the zope server 8080
pass in quick on dc0 proto tcp from any to any port = 8080 flags S keep state
pass in quick on dc0 proto udp from any to any port = 8080 keep state
# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public Internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
#pass in quick on dc0 proto udp from any to any port = 23 keep state
# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
pass in quick on dc0 proto udp from any to any port = 22 keep state
# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a "denial of service" attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
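An added example, not from Aaron's post or from the ipfilter project: a small Python checker for the rule shapes used above. It reports a line ipf could not parse (such as a "porto"/"proto" typo), reports "flags S" on a non-TCP rule where it has no meaning, lists the ports the ruleset passes, and confirms the ruleset ends in a default block. The sample ruleset is constructed for the example and covers only the syntax seen in the post, not ipf's full grammar.

```python
import re

# Constructed sample, not the poster's file: the post's rules plus two
# deliberately flawed lines (a "porto" typo, "flags S" on udp) to report on.
SAMPLE_RULES = """\
# Allow in standard www
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
pass in quick on dc0 porto udp from any to any port = 23 keep state
pass in quick on dc0 proto udp from any to any port = 53 flags S keep state
block in log first quick on dc0 all
"""

# Covers only the rule shapes used in the post; ipf's real grammar is larger.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)"
    r"(?:\s+log(?:\s+first)?)?(?:\s+quick)?\s+on\s+(?P<iface>\S+)"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:all|from\s+\S+\s+to\s+\S+(?:\s+port\s*=\s*(?P<port>\d+))?)"
    r"(?P<tail>.*)$"
)


def check_rules(text):
    """Return (problems, open_ports): problems is a list of (line_no, message),
    open_ports maps 'proto/port' to the line number of the pass rule."""
    problems, open_ports = [], {}
    last_rule = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            problems.append((no, "cannot parse rule (keyword typo?)"))
            continue
        last_rule = m
        if "flags" in m["tail"] and m["proto"] != "tcp":
            problems.append((no, "'flags' used with non-tcp proto %s" % m["proto"]))
        if m["action"] == "pass" and m["port"]:
            open_ports["%s/%s" % (m["proto"], m["port"])] = no
    # With 'quick' rules, the last rule should be the catch-all block.
    if last_rule is None or not (last_rule["action"] == "block" and last_rule["port"] is None):
        problems.append((0, "ruleset does not end with a default block rule"))
    return problems, open_ports
```

ipf itself reports a syntax error when it rejects a file; `ipf -nf /etc/ipf.rules` parses the rules without applying them, which is the quickest way to see why nothing loaded.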