On 08/20/13 12:41, Dan Lists wrote:
> You might turn on logging and post the logs of what is being blocked.
> Sometimes things are being blocked by rules you do not expect.
Thanks for the suggestion.
I was seeing refusals from named and mistakenly interpreting them
as ipfw issues.
> On Mon, Aug
You might turn on logging and post the logs of what is being blocked.
Sometimes things are being blocked by rules you do not expect.
On Mon, Aug 19, 2013 at 4:18 PM, Gary Aitken wrote:
> On 08/19/13 00:36, Jason Cox wrote:
> > Are you sure that your DNS requests are over TCP? DNS primarily uses
On 08/19/13 00:36, Jason Cox wrote:
> Are you sure that your DNS requests are over TCP? DNS primarily uses UDP to
> serve requests. TCP is used when the response data size exceeds 512 bytes
> (I think), or for tasks such as zone transfers. I know a few resolver
> implementations use TCP for all que
On 08/19/13 11:53, OpenSlate ChalkDust wrote:
> On Sun, Aug 18, 2013 at 8:06 PM, Gary Aitken wrote:
>
>> I'm having some weird ipfw behavior, or it seems weird to me, and am
>> looking
>> for an explaination and then a way out.
>>
>> ipfw list
>> ...
>> 21109 allow tcp from any to 12.32.44.142 ds
On Mon, Aug 19, 2013 at 1:06 AM, Gary Aitken wrote:
>
> ipfw list
> ...
> 21109 allow tcp from any to 12.32.44.142 dst-port 53 in via tun0 setup
> keep-state
> 21129 allow tcp from any to 12.32.36.65 dst-port 53 in via tun0 setup
> keep-state
> ...
> 65534 deny log logamount 5 ip from any to any
On Sun, Aug 18, 2013 at 8:06 PM, Gary Aitken wrote:
> I'm having some weird ipfw behavior, or it seems weird to me, and am
> looking
> for an explaination and then a way out.
>
> ipfw list
> ...
> 21109 allow tcp from any to 12.32.44.142 dst-port 53 in via tun0 setup
> keep-state
> 21129 allow tc
# my kernel has
# options ROUTETABLES=16
GATEWAY_0="10.3.255.0"
GATEWAY_1="10.3.255.1"
setfib 0 route add default $GATEWAY_0
setfib 1 route add default $GATEWAY_1
ipfw table 1 add $NET_0 0
ipfw table 1 add $NET_1 0
ipfw table 1 add $NET_2 1
ipfw table 1 add $NET_3 0
ipfw add 00500 setfi
Are you sure that your DNS requests are over TCP? DNS primarily uses UDP to
serve requests. TCP is used when the response data size exceeds 512 bytes
(I think), or for tasks such as zone transfers. I know a few resolver
implementations use TCP for all queries, but most I have used not. You
might wa
On Mon, Jan 7, 2013 at 12:33 PM, Jerry wrote:
>
> I have discovered that IPFW stopped logging any messages in the
> security log over a week ago. I did a reset, etcetera, but without
> favorable results. I even tried a cold reboot to see if that made any
> difference; however, it didn't. Other tha
On Tue, 23 Oct 2012 17:35:45 +0330, s m wrote:
> thanks for your quick reply. you know, i want to add studio.h header but
> the below error occurs: "no such file or directory". i am sure that
> studio.h locates in usr/src/include but that error occured. if i write the
> full path of studio.h in ipf
On Tue, Oct 23, 2012 at 05:35:45PM +0330, s m wrote:
> thanks for your quick reply. you know, i want to add studio.h header but
> the below error occurs: "no such file or directory".
You appear to have misstyepd "stdio.h" (no u!).
If that's not the case, please put the source you are trying to c
thanks for your quick reply. you know, i want to add studio.h header but
the below error occurs: "no such file or directory". i am sure that
studio.h locates in usr/src/include but that error occured. if i write the
full path of studio.h in ipfw file and then compile it, another error
happened. do
On Tue, 23 Oct 2012 17:18:43 +0330, s m wrote:
> hi every one
>
> i want to set TOS bit in ipfw but don't know how to do it directly.
> therefore i want to change ipfw code in order to do it for me. i don't know
> ipfw headers path (from where ipfw loads its headers).
>
> please help if somebody
In freebsd-questions Digest, Vol 424, Issue 10, Message: 10
On Sun, 22 Jul 2012 14:55:46 +0300 Eugen Konkov wrote:
Hi Eugen,
> I use ipfw tables to allow host to access to internet.
> is there counter for matched packets/bytes for table entry like for
> ipfw rule?
>
> #ipfw show 901
> ru
can anyone suggest what i'm doing wrong here.
Desired:drop everything from 180.0.0.0 to 180.255.255.255
ipfw -q add 137 deny all from 180.0.0.0/8 to any
nothing wrong. all is fine.
___
freebsd-questions@freebsd.org mailing list
http://lists.freeb
On Mon, May 21, 2012 at 10:19 AM, Paul Macdonald wrote:
> this is now resolved, i hadn't realised (embarrassingly) that ipfw list will
> show rules if if the fw is disabled.
You should consider using tables, which allow you to add ad hoc nets,
etc. and you can swap rulesets atomically so you can
On 21/05/2012 17:01, Paul Macdonald wrote:
On 21/05/2012 16:44, Michael Sierchio wrote:
On Mon, May 21, 2012 at 8:30 AM, Paul Macdonald wrote:
A very open firewall test script is as follows:
this is now resolved, i hadn't realised (embarrassingly) that ipfw list
will show rules if if the
On Mon, 21 May 2012 16:30:59 +0100, Paul Macdonald wrote:
> On 21/05/2012 14:50, Ian Smith wrote:
> > In freebsd-questions Digest, Vol 416, Issue 1, Message: 26
> > On Mon, 21 May 2012 10:06:12 +0100 Paul Macdonald wrote:
> >
> > > can anyone suggest what i'm doing wrong here.
> > >
>
Paul Macdonald wrote:
[snip]
It has been many years since I used IPFW as I moved on to IPFILTER, and then
on to PF which is what I use now. I don't even recall exactly why I chose to
utilize both setting directionality of flow per specific interface. I suspect
that somehow there is some rule o
On 21/05/2012 16:44, Michael Sierchio wrote:
On Mon, May 21, 2012 at 8:30 AM, Paul Macdonald wrote:
A very open firewall test script is as follows:
00010 allow ip from any to any via lo0
00081 deny log ip from 180.0.0.0/8 to any
00100 check-state
You don't need the following
00101 allow tcp
On Mon, May 21, 2012 at 8:30 AM, Paul Macdonald wrote:
> A very open firewall test script is as follows:
>
> 00010 allow ip from any to any via lo0
> 00081 deny log ip from 180.0.0.0/8 to any
> 00100 check-state
You don't need the following
> 00101 allow tcp from any to any established
This may
On 21/05/2012 14:50, Ian Smith wrote:
In freebsd-questions Digest, Vol 416, Issue 1, Message: 26
On Mon, 21 May 2012 10:06:12 +0100 Paul Macdonald wrote:
> can anyone suggest what i'm doing wrong here.
>
> Desired:drop everything from 180.0.0.0 to 180.255.255.255
>
> ipfw -q ad
In freebsd-questions Digest, Vol 416, Issue 1, Message: 26
On Mon, 21 May 2012 10:06:12 +0100 Paul Macdonald wrote:
> can anyone suggest what i'm doing wrong here.
>
> Desired:drop everything from 180.0.0.0 to 180.255.255.255
>
> ipfw -q add 137 deny all from 180.0.0.0/8 to any
t23# i
On Sun, Jan 8, 2012 at 1:00 PM, Ian Smith wrote:
> On Sat, 7 Jan 2012, budsz wrote:
> [..]
> > > keyword instead of an explicit address. The search
> terminates if
> > > this rule matches.
> > >
> > > Note particularly the last sentence. You'll have to do your dummyn
On Sat, 7 Jan 2012, budsz wrote:
> Hi folks,
>
> I already found the mistake of my ruleset sequence on my box, for ex:
>
> ${fwcmd} add 30 fwd ${ipproxy},${portproxy} tcp from ${ipclproxy} to
> any dst-port ${porthttp} in via ${ifint0}
>
> ${fwcmd} add 52 pipe 2 ip from any to ${ipclient
In freebsd-questions Digest, Vol 391, Issue 10, Message: 25
On Sun, 04 Dec 2011 01:44:53 -0600 Tim Daneliuk wrote:
> On 12/04/2011 01:04 AM, Ian Smith wrote:
>
>
> >
> > For one, google 'icmp redirect attack'
>
> But isn't that handled by setting:
>
>
> net.inet.icmp.drop_redire
On 12/04/2011 01:04 AM, Ian Smith wrote:
For one, google 'icmp redirect attack'
But isn't that handled by setting:
net.inet.icmp.drop_redirect=1
# This is the ICMP rule we generally use:
# ipfw add 10 allow icmp from any to any in icmptypes 0,3,4,11,12,14,16,18
Hmmm I just t
In freebsd-questions Digest, Vol 391, Issue 9, Message: 9
On Fri, 02 Dec 2011 10:35:45 -0600 Tim Daneliuk wrote:
> On 12/01/2011 05:45 PM, Jon Radel wrote:
> >
> > On 12/1/11 6:25 PM, Tim Daneliuk wrote:
> >
> >> ${FWCMD} add allow icmp from any to any
> >>
> >> It does work but, two quest
Здравствуйте, Tim.
Вы писали 2 декабря 2011 г., 1:25:04:
TD> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
TD> Pings were not getting through so I added this near the top
TD> of the rule set:
TD>#
TD># Allow icmp
TD>#
TD>${FWCMD} add allow icmp fr
On 12/01/2011 05:45 PM, Jon Radel wrote:
On 12/1/11 6:25 PM, Tim Daneliuk wrote:
I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
Pings were not getting through so I added this near the top
of the rule set:
#
# Allow icmp
#
${FWCMD} add allow icmp from any to any
On 12/1/11 6:25 PM, Tim Daneliuk wrote:
I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
Pings were not getting through so I added this near the top
of the rule set:
#
# Allow icmp
#
${FWCMD} add allow icmp from any to any
It does work but, two questions:
1) Is
Tim Daneliuk wrote:
> To: Robert Bonomi
> Subject: Re: ipfw And ping
>
> On 12/01/2011 09:12 PM, Robert Bonomi wrote:
> >> From tun...@tundraware.com Thu Dec 1 20:57:55 2011
> >> Date: Thu, 01 Dec 2011 20:56:03 -0600
> >>
> >> Both.
> >
On 12/01/2011 08:56 PM, Robert Bonomi wrote:
Similarly, I let the firewall respond to pings adressed to it's _external_
interface, but silently drop anything addressed any further inside my
network. (If they can _reach_ my firewall, then a problem, whatever it
is, *is* 'my problem' and that's
On 12/01/2011 08:56 PM, Robert Bonomi wrote:
From owner-freebsd-questi...@freebsd.org Thu Dec 1 17:27:19 2011
Date: Thu, 01 Dec 2011 17:25:04 -0600
From: Tim Daneliuk
To: FreeBSD Mailing List
Subject: ipfw And ping
I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
Pings we
> From owner-freebsd-questi...@freebsd.org Thu Dec 1 17:27:19 2011
> Date: Thu, 01 Dec 2011 17:25:04 -0600
> From: Tim Daneliuk
> To: FreeBSD Mailing List
> Subject: ipfw And ping
>
> I have a fairly restrictive ipfw setup on a FBSD 8.2-STABLE machine.
> Pings were not getting through so I add
You can rate-limit pings and other icmp with sysctl nodes (sysctl
net.inet.icmp )
You can make the rule a little more restrictive:
add allow icmp from any to any icmptypes 0,3,8,11
if you want to disallow echo requests, omit 8 - the others are
essential for most things to work properly or to dia
On 07/25/2011 09:36 AM, Jos Chrispijn wrote:
> Dear group,
> Is there a web driven configuration for ipfw after I installed it on my
> server?
webmin /usr/ports/sysutils/webmin/
the BSD Firewall module http://www.webmin.com/standard.html
DISCLAIMER: This e-mail is for the intended recipient(s)
OK - I'm confused. Could be all the top posting. ;-)
testbed# man ipfw
Formatting page, please wait...Done.
IPFW(8) FreeBSD System Manager's Manual
IPFW(8)
NAME
ipfw -- User interface for firewall, traffic shaper, packet scheduler,
in-kernel NAT.
^^^
Mike -
You're confused. natd is still a userland process that works via
divert sockets. ipfirewall nat is an extension to ipfirewall (ipfw is
the userland control program to modify the rulesets, nat config,
tables, etc.).
- Michael
On Tue, Jul 12, 2011 at 11:51 PM, Michael Powell wrote:
> Mic
Michael Sierchio wrote:
> I'm familiar with natd since its appearance. I was unclear on the
> ipfirewall nat syntax, since there is no syntax definition in the man
> page. It's true the man page is already too large, but some examples
> (somewhere) would be nice. Marshaling packets into userland
aining.
- M
On Tue, Jul 12, 2011 at 11:05 PM, Bill Tillman wrote:
>
>
>
>
>
>
> From: Michael Sierchio
> To: Dan Nelson
> Cc: Bill Tillman ; freebsd-questions@freebsd.org
> Sent: Tue, July 12, 2011 6:35:19 PM
> Subject: Re: IPF
From: Michael Sierchio
To: Dan Nelson
Cc: Bill Tillman ; freebsd-questions@freebsd.org
Sent: Tue, July 12, 2011 6:35:19 PM
Subject: Re: IPFW Firewall NAT inbound port-redirect
We're not talking about natd. The question was about the use of ipfirewal
In the last episode (Jul 12), Michael Sierchio said:
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson wrote:
> > In the last episode (Jul 12), Michael Sierchio said:
> >> Is there a way of specifying a particular public address if there is
> >> more than one bound to the external interface? A la
> >
We're not talking about natd. The question was about the use of ipfirewall nat.
On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson wrote:
> In the last episode (Jul 12), Michael Sierchio said:
>> Is there a way of specifying a particular public address if there is
>> more than one bound to the external
In the last episode (Jul 12), Michael Sierchio said:
> Is there a way of specifying a particular public address if there is
> more than one bound to the external interface? A la
>
> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22
> 102.10.22.1:
Yes; the redirect_port sy
:
>
>
>
> From: Dan Nelson
> To: Michael Sierchio
> Cc: freebsd-questions@freebsd.org
> Sent: Mon, July 11, 2011 1:07:31 PM
> Subject: Re: IPFW Firewall NAT inbound port-redirect
>
> In the last episode (Jul 11), Michael Sierchio said:
>> Sorry for the naive q
From: Dan Nelson
To: Michael Sierchio
Cc: freebsd-questions@freebsd.org
Sent: Mon, July 11, 2011 1:07:31 PM
Subject: Re: IPFW Firewall NAT inbound port-redirect
In the last episode (Jul 11), Michael Sierchio said:
> Sorry for the naive question, but most
In the last episode (Jul 11), Michael Sierchio said:
> Sorry for the naive question, but most of my old rulesets still use
> natd, and I've only used built-in nat for outbound traffic. I'd like
> to redirect certain ports on certain addresses to the same ports on
> internal (RFC1918) addresses. T
On Wed, 6 Jul 2011, Unga wrote:
> On Tue, 7/5/11, Ian Smith wrote:
> > > Does anybody successfully use the "ipfw fwd"? If so
> > > in which FreeBSD version?
>
> > Not I, but many do. On the face of it the rule looks
> > correct. Do you
> > have a TCP service running on localhost:1234 ?
--- On Tue, 7/5/11, Ian Smith wrote:
> > Does anybody successfully use the "ipfw fwd"? If so
> in which FreeBSD version?
>
> Not I, but many do. On the face of it the rule looks
> correct. Do you
> have a TCP service running on localhost:1234 ? Does
> wlan0 exist? You
> may do better po
--- On Tue, 7/5/11, Ian Smith wrote:
> From: Ian Smith
> Subject: Re: ipfw: getsockopt(IP_FW_ADD): Invalid argument
> To: "Unga"
> Cc: freebsd-questions@freebsd.org
> Date: Tuesday, July 5, 2011, 5:14 PM
> In freebsd-questions Digest, Vol 370,
> Issue 2, Message
In freebsd-questions Digest, Vol 370, Issue 2, Message: 14
On Mon, 4 Jul 2011 09:11:07 -0700 (PDT) Unga wrote:
> --- On Mon, 7/4/11, Unga wrote:
>
> > From: Unga
> > Subject: ipfw: getsockopt(IP_FW_ADD): Invalid argument
> > To: freebsd-questions@freebsd.org
> > Date: Monday, July 4, 2011
--- On Mon, 7/4/11, Unga wrote:
> From: Unga
> Subject: ipfw: getsockopt(IP_FW_ADD): Invalid argument
> To: freebsd-questions@freebsd.org
> Date: Monday, July 4, 2011, 11:48 AM
> Hi all
>
> Following ipfw rule develop error indicated in the subject
> line:
> ipfw add 100 fwd 127.0.0.1,1234 tcp
On Thu, 23 Jun 2011, umage wrote:
> Some points:
> 1) I did use the handbook as reference, and my ruleset mimics the layout used
> there.
Excuse the late response, I've been away. The best reference, apart
from ipfw(8), is /etc/rc.firewall. 'Nuff said.
> 2) Handbook uses divert natd, whic
Some points:
1) I did use the handbook as reference, and my ruleset mimics the layout
used there.
2) Handbook uses divert natd, which I used until I switched to the
kernel nat approach.
3) I did not find any concrete examples of ipfw nat rule usage, so I'm
using them the old natd way.
I did s
In freebsd-questions Digest, Vol 368, Issue 6, Message: 21
On Tue, 21 Jun 2011 20:16:32 +0200 umage wrote:
> Hi, I'm an ipfw user that finally got the opportunity to set up NAT on
> an interface with a public IP. I was doing some multi-homing experiments
> using ipfw fwd combined with outbound
In freebsd-questions Digest, Vol 337, Issue 2, Message: 26
On Mon, 15 Nov 2010 10:52:41 -0800 Dave Robison wrote:
> I haven't seen someone use "firewall_type" as a path to the config file.
It's not so uncommon. Anyone who's based their ruleset on the handbook
section on IPFW will likely be u
On Mon, Nov 15, 2010 at 10:52:41AM -0800, Dave Robison wrote:
> I haven't seen someone use "firewall_type" as a path to the config
> file. If you check the default rc.firewall file, you will see several
> types of default firewall settings, such as "open" and "closed". You
> want to set "firewall_t
Hi--
On Nov 15, 2010, at 10:52 AM, Dave Robison wrote:
> I haven't seen someone use "firewall_type" as a path to the config file. If
> you check the default rc.firewall file, you will see several types of default
> firewall settings, such as "open" and "closed". You want to set
> "firewall_type
I haven't seen someone use "firewall_type" as a path to the config file.
If you check the default rc.firewall file, you will see several types of
default firewall settings, such as "open" and "closed". You want to set
"firewall_type" in rc.conf to be "open" or whatever your firewall type
is in
Здравствуйте, Grant.
Вы писали 15 ноября 2010 г., 0:50:47:
GP> Hi all,
GP> I seem to have one server that does not flush the /etc/rc.firewall rules
GP> when the script taken from "firewall_type" starts up. That is to say when I
GP> boot the machine, 3 rules seem to be still in the list when I d
In freebsd-questions Digest, Vol 337, Issue 1, Message: 15
On Sun, 14 Nov 2010 17:50:47 -0500 "Grant Peel" wrote:
>
> I seem to have one server that does not flush the /etc/rc.firewall rules
> when the script taken from "firewall_type" starts up. That is to say when I
> boot the machine, 3
It's not a great idea to hack the rc.d scripts, they can be clobbered when
updating.
Chris
Sorry for top-posting, Android won't let me quote, but K-9 can't yet do
threading.
On 15 Nov 2010 08:45, "Wojciech Puchar" wrote:
simply edit /etc/rc.d/ipfw and make it doing only what you want
simply edit /etc/rc.d/ipfw and make it doing only what you want.
On Sun, 14 Nov 2010, Grant Peel wrote:
Hi all,
I seem to have one server that does not flush the /etc/rc.firewall rules when
the script taken from "firewall_type" starts up. That is to say when I boot
the machine, 3 rules seem
On Thu, 30 Sep 2010, Ian Smith wrote:
> countries are long gone. For some scientific (and policy) rationale of
> the increasingly fragmented nature of new allocations down to /22 (ie 64
> IP addresses) have a look at http://www.potaroo.net/tools/ipv4/
Oops; a /22 allocation is of course 4 t
In freebsd-questions Digest, Vol 330, Issue 5, Message: 1
On Wed, 29 Sep 2010 08:16:47 -0400 Carmel wrote:
> While perusing my Apache httpd-error.log, I noticed a large number of
> attempts to access my phpmyadmin directory, as well as a few less know
> others. Most of these probes originated
On 09/29/2010 02:16 PM, Carmel wrote:
> While perusing my Apache httpd-error.log, I noticed a large number of
> attempts to access my phpmyadmin directory, as well as a few less know
> others. Most of these probes originated from China. Since I have no
> legitimate business dealing with that region
On Mon, Sep 13, 2010 at 11:53 AM, Nathan Vidican wrote:
>
> Hey all - I've been trying to implement a transparent proxy for all outgoing
> traffic to port 80 to forward to a proxy server. The problem is that the
> proxy itself resides on a different host than the forward rule does. Has
> anyone
per...@pluto.rain.com wrote:
>
> > ... the 'fwd ... keep-state' statement does create a useful
> > dynamic rule. It contradicts the ipfw(8) man page but works ...
>
> Hopefully someone who understands all this will submit a patch
> for the man page :)
The man page says that the "Dynamic rules wi
Victor Sudakov wrote:
> ... the 'fwd ... keep-state' statement does create a useful
> dynamic rule. It contradicts the ipfw(8) man page but works ...
Hopefully someone who understands all this will submit a patch
for the man page :)
___
freebsd-questio
Nikos Vassiliadis wrote:
> >A packet generated locally 1) should be forwarded by a 'fwd'
> >rule and 2) should create a dynamic 'allow' rule for returning
> >traffic. Could you please suggest a ruleset for this.
>
> The fw has the 10.0.0.1 IP address.
> The 10.0.0.100 IP address belongs to anothe
On 9/7/2010 5:52 PM, Victor Sudakov wrote:
A packet generated locally 1) should be forwarded by a 'fwd'
rule and 2) should create a dynamic 'allow' rule for returning
traffic. Could you please suggest a ruleset for this.
The fw has the 10.0.0.1 IP address.
The 10.0.0.100 IP address belongs to
Nikos Vassiliadis wrote:
> >>>Am I asking something unreasonable?
> >>
> >>Not really, but if you ask, one could say that IPFW is a "first
> >>match wins" firewall, so a fwd or an allow action would be the
> >>terminal one. You must design your rules accordingly.
> >>
> >>There is also the skipto a
On 9/7/2010 2:00 PM, Victor Sudakov wrote:
Nikos Vassiliadis wrote:
Am I asking something unreasonable?
Not really, but if you ask, one could say that IPFW is a "first
match wins" firewall, so a fwd or an allow action would be the
terminal one. You must design your rules accordingly.
There is
Nikos Vassiliadis wrote:
> >Am I asking something unreasonable?
>
> Not really, but if you ask, one could say that IPFW is a "first
> match wins" firewall, so a fwd or an allow action would be the
> terminal one. You must design your rules accordingly.
>
> There is also the skipto action which ca
On 9/7/2010 12:00 PM, Victor Sudakov wrote:
Am I asking something unreasonable?
Not really, but if you ask, one could say that IPFW is a "first
match wins" firewall, so a fwd or an allow action would be the
terminal one. You must design your rules accordingly.
There is also the skipto action w
Am I asking something unreasonable?
Victor Sudakov wrote:
>
> What tricks do you use if you need to allow a packet and then fwd
> it (or vice versa)? The search terminates and the packet quits ipfw on
> "fwd" as well as on "allow".
>
> How do I allow a packet and then policy route it? An example
On 26/08/2010 12:56, Grant Peel wrote:
> I am running FreeBSD 8, and am assuming I am using ipfw2
>
> How does one find the current version of IPFW being used?
Base system utilities generally don't have a separate version number --
other than the SVN revision numbers of their source code files.
In freebsd-questions Digest, Vol 321, Issue 12, Message: 31
On Fri, 30 Jul 2010 07:18:40 -0400 Carmel wrote:
> I am trying to set up a rule using IPFW that utilizes a MAC address
> rather than an IP one.
>
> ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup
> kee
> On 07/30/2010 01:18 PM, Carmel wrote:
>
>> I am trying to set up a rule using IPFW that utilizes a MAC address
>> rather than an IP one.
>>
>> ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup
>> keep-state
>>
>> Would that work, assuming the machine I want to allo
On 07/30/2010 01:18 PM, Carmel wrote:
> I am trying to set up a rule using IPFW that utilizes a MAC address
> rather than an IP one.
>
> ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup
> keep-state
>
> Would that work, assuming the machine I want to allow access has th
On 19/07/2010 10:05, Aiza wrote:
you have to put your hosts /etc/resolve.conf in each jail before you can
get network connection.
I did. It contains:
nameserver 208.67.222.222
nameserver 208.67.220.220
I believe that it's not a problem with jail configuration because NAT
works fine on the
Michael wrote:
Hello.
Does anybody has a working configuration with ipfw nated jails on
loopback interface?
It simply doesn't work on my system. I can not get any connections to
outside world from within a jail.
FreeBSD 8.0-p3 amd64 laptop connected to internet via wlan0 (ath0) with
192.168
> "Michael" == Michael writes:
Michael> Does anybody has a working configuration with ipfw nated jails
Michael> on loopback interface?
I noticed in my pf.conf that I had "set skip on lo".
I changed that to "set skip on lo0" (still advisable), and then created
an "lo1" using
ipv4_addrs_l
Здравствуйте, Casey.
00300 0 0 deny ip from 192.168.0.0/16 to any in via fxp0
00301 0 0 deny ip from 172.16.0.0/12 to any in via fxp0
00302 0 0 deny ip from 10.0.0.0/8 to any in via fxp0
00303 0 0 deny ip from 127.0.0.0/8 to any in via fxp0
00304 0
Just a sidenote:
On Sat, 15 May 2010 02:33:10 +0200, umage wrote:
> However, if I
> run the script manually, or call it from the end of /etc/rc, it will add
> these rules as well. Currently I am using a workaround.
It's not a good idea to modify /etc/rc. In your case, using the
mechanism s of /e
On Sat, May 15, 2010 at 02:33:10AM +0200, umage wrote:
> I performed a kernel+world update of my freebsd router, RELENG_8 branch,
> apparently from the version 6 months ago to current. I use ipfw and a
> shell script that gets loaded at startup. I noticed after rebooting that
> ipfw did not load tw
On 2010.04.12 14:15, Jerry wrote:
> On Mon, 12 Apr 2010 10:04:48 -0400, Steve Bertrand
> articulated:
>
>> On 2010.04.11 11:57, Jerry wrote:
>>> I am using IPFW on a FreeBSD-7.3 machine. Presently, I am loading
>>> several tables for IPFW. So far, I have just keep the data for the
>>> tables in t
On 2010.04.11 11:57, Jerry wrote:
> I am using IPFW on a FreeBSD-7.3 machine. Presently, I am loading
> several tables for IPFW. So far, I have just keep the data for the
> tables in the actual "ipfw-rules" referenced in the 'rc.conf' file
> itself. What I would like to do is keep the data for thes
On Sat, Apr 3, 2010 at 6:29 AM, Carmel NY wrote:
> I am having an exceedingly hard time finding documentation on Fail2Ban
> on FreeBSD. In fact, documentation on Fail2Ban seems rather sparse to
> begin with.
>
> In any case, does Fail2Ban work with the IPFW firewall on FreeBSD? Does
> it do it na
On Sat, Apr 3, 2010 at 7:30 AM, Carmel NY wrote:
>
>
> Nothing at all, I am just exploring other avenues. Fail2Ban can
> potentially block more attacks than denyhosts can though.
>
In what way? denyhosts can do more than simply ssh monitoring/blocking. It
has a plugin system for extensibility.
On Sat, 3 Apr 2010 06:49:33 -0600, Adam Vande More
articulated:
> On Sat, Apr 3, 2010 at 4:29 AM, Carmel NY
> wrote:
>
> > I am having an exceedingly hard time finding documentation on
> > Fail2Ban on FreeBSD. In fact, documentation on Fail2Ban seems
> > rather sparse to begin with.
> >
> > In
On Sat, Apr 3, 2010 at 4:29 AM, Carmel NY wrote:
> I am having an exceedingly hard time finding documentation on Fail2Ban
> on FreeBSD. In fact, documentation on Fail2Ban seems rather sparse to
> begin with.
>
> In any case, does Fail2Ban work with the IPFW firewall on FreeBSD? Does
> it do it na
I've seen the same, see: http://forums.freebsd.org/showthread.php?p=75765
--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-f
Thanks Peter,
will give that a try.
regards
Tongai
Peter wrote:
Hi guys,
I have searched everywhere and failed to find a solution, hence I write
you.
I have installed 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08
UTC 2009 r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERI
On 26 March 2010 08:02, Peter wrote:
> > Hi guys,
> >
> > I have searched everywhere and failed to find a solution, hence I write
> > you.
> > I have installed 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08
> > UTC 2009 r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
> > amd6
> Hi guys,
>
> I have searched everywhere and failed to find a solution, hence I write
> you.
> I have installed 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08
> UTC 2009 r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
> amd64
> together with ipfw. The problem I have is this, i
Hello
Sorry for the delay. I read again the man page an used the example which
is described there and, how every, now it works as expected (I tried it
many, many times). Thank again.
Regards,
Êîíüêîâ Åâãåíèé schrieb:
Hello, Martin.
First of all you must decide you want your shaper rule ac
Hello, Martin.
First of all you must decide you want your shaper rule act as allow
rule or not:
kes# sysctl -a | grep one_pass
net.inet.ip.fw.one_pass: 0 or 1
man ipfw
pipe pipe_nr
Pass packet to a dummynet(4) ``pipe'' (for bandwidth limitation,
delay, etc.). See t
2009/11/4 Alex Teslik
> Hi List,
>
> I'm having trouble with mail deliveries. I'm getting lots of error
> messages like:
>
> timeout writing message to mx3.comcast.net.: Broken pipe
> timeout writing message to mailserver2.telmex.net.co.: Resource
> temporarily
> unavailable
>
> After looking e
1 - 100 of 792 matches
Mail list logo
