On Thursday 20 April 2006 05:14, Andrew Pantyukhin wrote:
On 4/20/06, Drew Tomlinson [EMAIL PROTECTED] wrote:
On 4/17/2006 2:29 PM Noah Silverman wrote:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
ipfw add 00299 deny log all from any to any out via bge0
On 4/21/06, RW [EMAIL PROTECTED] wrote:
On Thursday 20 April 2006 05:14, Andrew Pantyukhin wrote:
Yes. 'setup' is from semi-stateful firewall functionality while
'keep-state' is from fully stateful one. You can't use both in
one rule without strange consequences. Just delete 'setup'
words
On 4/17/2006 2:29 PM Noah Silverman wrote:
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
I assume above this you have ipfw add check-state defined? This is
the rule that's required to get
On 4/20/06, Drew Tomlinson [EMAIL PROTECTED] wrote:
On 4/17/2006 2:29 PM Noah Silverman wrote:
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
I assume above this you have ipfw add
Hello!
On Tue, 18 Apr 2006, Tod McQuillin wrote:
Add:
options IPFW2
...to your kernel config file and rebuild the kernel (and world also,
probably).
Yes, you need to rebuild the userland too, which means you also need
IPFW2=true in /etc/make.conf before you build world.
It's
On Mon, Apr 17, 2006 at 06:29:13PM -0400, Charles Swiger wrote:
...
[ ...redirected to freebsd-questions... ]
Thanks for doing that!
...
You don't have a check-state rule anywhere, so you either need to add
one or a rule to pass established traffic to and from port 22.
I thought
David Wolfskill wrote:
On Mon, Apr 17, 2006 at 06:29:13PM -0400, Charles Swiger wrote:
[ ...redirected to freebsd-questions... ]
Thanks for doing that!
It seemed appropriate. :)
[ ... ]
You don't have a check-state rule anywhere, so you either need to add
one or a rule to pass
I tried it with: ipfw add 00015 check-state
I still get locked out :(
This is the standard firewall from the openbsd manual (on the
website.) I don't understand why it wouldn't work as is.
Thanks,
-N
On Apr 17, 2006, at 4:42 PM, Chuck Swiger wrote:
David Wolfskill wrote:
On Mon, Apr
--On April 17, 2006 2:29:23 PM -0700 Noah Silverman [EMAIL PROTECTED]
wrote:
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-
Hi,
I'm doing this over an SSH connection, so I can't see console.
If I do it wrong, I get locked out and have to initiate a remote
reboot. Fun!
Thanks!
-N
On Apr 17, 2006, at 5:10 PM, Paul Schmehl wrote:
--On April 17, 2006 2:29:23 PM -0700 Noah Silverman
[EMAIL PROTECTED] wrote:
I
--On April 17, 2006 5:20:27 PM -0700 Noah Silverman [EMAIL PROTECTED]
wrote:
Hi,
I'm doing this over an SSH connection, so I can't see console.
If I do it wrong, I get locked out and have to initiate a remote reboot.
Fun!
Once you've ssh'd in to the box, can you ssh out?
And what does
On Monday 17 April 2006 22:29, Noah Silverman wrote:
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
ipfw add 00499 deny log all from any to any in via bge0
In theory, this should allow in SSH and nothing else.
What happens when you replace limit src-addr
On Tuesday 18 April 2006 00:42, Chuck Swiger wrote:
David Wolfskill wrote:
I thought check-state was fairly optional; ref:
These dynamic rules, which have a limited lifetime, are checked at
the first occurrence of a check-state, keep-state or limit rule, and are
typically used
On Mon, 17 Apr 2006, Charles Swiger wrote:
Add:
options IPFW2
...to your kernel config file and rebuild the kernel (and world also,
probably).
Yes, you need to rebuild the userland too, which means you also need
IPFW2=true in /etc/make.conf before you build world.
--
Tod
[EMAIL PROTECTED] wrote:
I have IPFW setup, and in my ruleset i have the following line
add 04009 allot tcp from any to me dst port 80 in via x10 setup
add 04010 allow tcp from any to me dst port 25 in via xl0 setup
however if I enable the firewall and try to telnet into port 25, it cannot
[snip]
You do have a rule for established connections?
Kevin Kinsey
DaleCo S.P.
you know the only rule i have for that is
add 6 deny log tcp from any to any established
I am assuming this is incorrect?
[EMAIL PROTECTED] wrote:
[snip]
You do have a rule for established connections?
Kevin Kinsey
DaleCo S.P.
you know the only rule i have for that is
add 6 deny log tcp from any to any established
I am assuming this is incorrect?
Aye, there's the rub. Last rule is usually
deny
Aye, there's the rub. Last rule is usually
deny ip from any to any; somewhere above
that, but after the setup rules is allow ip from
any to my.ip.add.ress established* ... it does
no good to allow the setup packets but no
further data
Kevin Kinsey
DaleCo S.P.
*instead of allow ip