On Monday 17 December 2007 19:06:29 Gore Jarold wrote:
My main goal is to lock down my ipfw rules so that
when I run nmap, all I see is:
Interesting ports on 192.168.0.10:
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:12:D8:A2:23:C2
Nmap finished: 1
[EMAIL PROTECTED] wrote:
So basically the ruleset should be simple:
ipfw -f flush
# allow lo0 stuff
# block some spoofs/attacks
# if you are hosting gameservers from 192.168.17.3 or whatever,
# you should (manually) open server ports, in other words, add
# routes to 192.168.17.3 to specific
Jack Barnett wrote:
[EMAIL PROTECTED] wrote:
So basically the ruleset should be simple:
ipfw -f flush
# allow lo0 stuff
# block some spoofs/attacks
# if you are hosting gameservers from 192.168.17.3 or whatever,
# you should (manually) open server ports, in other words, add
# routes to
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've tried these per the docs:
${fwcmd} add allow
Jack Barnett wrote:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've tried these per the docs:
Jack Barnett wrote:
Jack Barnett wrote:
Jack Barnett wrote:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett [EMAIL PROTECTED] wrote:
Lots of people play games here and basically a pain to keep trying to
get these stupid things to work with individual rules for each.
I'm running FreeBSD 6.x with IPFW/natd
I get a dynamic IP from my ISP and the
RW wrote:
On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett [EMAIL PROTECTED] wrote:
Lots of people play games here and basically a pain to keep trying to
get these stupid things to work with individual rules for each.
I'm running FreeBSD 6.x with IPFW/natd
I get a dynamic IP from my
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've tried these per the docs:
${fwcmd} add allow all from any to any out via
Jack Barnett wrote:
Jack Barnett wrote:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've
Hi, Jack, let's see.
Jack Barnett wrote:
Lots of people play games here and basically a pain to keep trying to
get these stupid things to work with individual rules for each.
I'm running FreeBSD 6.x with IPFW/natd
I get a dynamic IP from my ISP and the internal nic is 192.168.17.1
On Fri, Nov 02, 2007 at 10:59:04PM +0100, [EMAIL PROTECTED] wrote:
onet=`ifconfig xl0 | grep inet | awk '{print $6}'`
I'm not sure about this. Isn't the sixth word the broadcast address
(ending with .255)?
It's correct. I've been using this in my firewall file since FBSD
4.something.
Ok, I changed my original rules. I'm going to use both the ruleset you
recommended
and these ones (not at the same time though :). And see which one gives me the
least trouble.
greetings,
jurjen.
#!/bin/sh
ipfw -q flush
cmd="ipfw -q add"
ks=keep-state
oif=ath0
#sort in en out packets
$cmd
Cool! thanks for the reply + suggestions!
I haven't had any trouble with my firewall blocking too much yet
(also didn't connect to the internet much yet :), but I'll think
about just allowing all out... on the other hand I like the idea
of just letting through out that I need (which isn't very
On 2006-12-16 18:01, Jurjen Middendorp [EMAIL PROTECTED] wrote:
I posted this to the freebsd-security list, but I believe that is not
the right list to this question (sorry! this is my first message to
the freebsd mailing-lists). I hope this is the right list! :) anyway:
I tried making a
RYAN vAN GINNEKEN wrote:
I know this has probably been posted 1000's of times but I would like to
set up an ipfw firewall; I run many services on this machine. It acts as a
gateway for my network
APACHE web server
IMAP mail server
SMTP mail server
BIND name server
FTP server
also I would like to
On Thursday 04 March 2004 01:42, RYAN vAN GINNEKEN wrote:
I know this has probably been posted 1000's of times but I would like to
set up an ipfw firewall; I run many services on this machine. It acts as a
gateway for my network
APACHE web server
80/TCP and perhaps 443/TCP
IMAP mail server
Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/
On Tue, Feb 17, 2004 at 08:46:09PM -0800, Saint Aardvark the Carpeted wrote:
Peter Rosa disturbed my sleep to write:
please what's the difference between this ipfw rules:
${fwcmd} add 63000 deny
Peter Rosa disturbed my sleep to write:
please what's the difference between this ipfw rules:
${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}
This denies broadcasts coming in to your machine through the outside
interface. The rule number is specified here, and it's
Marwan Sultan disturbed my sleep to write:
I compiled ipfw to accept by default.
This is my ipfw list:
00050 divert 8668 ip from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip
Marwan Sultan wrote:
a) let's say I want to deny everything except a range of IPs
starting from 192.168.1.1 to 192.168.1.50.
what rule set should be? how to set range of IPs? to pass
and deny rest of the C class. FreeBSD docs do not cover this?
or I did not see!
I would set
On Monday 19 January 2004 00:47, Andrew L. Gould wrote:
I can't seem to get the ipfw rules right for letting ssh clients access a
ssh server. I can use ssh on the server to connect to the client; but if I
try to connect from the client to the server, the operation times out.
I have my rules
On Sunday 18 January 2004 05:53 pm, Daan Vreeken [PA4DAN] wrote:
On Monday 19 January 2004 00:47, Andrew L. Gould wrote:
I can't seem to get the ipfw rules right for letting ssh clients access a
ssh server. I can use ssh on the server to connect to the client; but if
I try to connect from
Does portmap have to be enabled to connect to sshd?
Thanks,
Andrew Gould
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Andrew L. Gould wrote:
Does portmap have to be enabled to connect to sshd?
No
On Sunday 18 January 2004 05:53 pm, Daan Vreeken [PA4DAN] wrote:
You forgot the packets in the other direction... This should do the trick :
${fwcmd} add 00300 allow tcp from any to me 22
${fwcmd} add 00301 allow tcp from me 22 to any
grtz,
Daan
It worked.
Thanks,
Andrew Gould
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts [EMAIL PROTECTED]
To: D. Penev [EMAIL PROTECTED]
Cc: FreeBSD Questions [EMAIL PROTECTED]
Date: 26 Oct 2002 22:47:48 +0100
Hi,
Thanks
.
Hope this helps.
Stacey
On Sun, 2002-10-27 at 07:15, D. Penev wrote:
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts [EMAIL PROTECTED]
To: D. Penev [EMAIL PROTECTED]
Cc: FreeBSD
On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote:
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts [EMAIL PROTECTED]
To: D. Penev [EMAIL PROTECTED]
Cc: FreeBSD Questions [EMAIL PROTECTED]
Date: 27 Oct 2002 10:50:47 +
Hi,
Here's
.
Cheers!
Stacey
On Sun, 2002-10-27 at 17:56, D. Penev wrote:
On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote:
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts [EMAIL PROTECTED]
To: D. Penev [EMAIL PROTECTED]
Cc: FreeBSD Questions
On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts [EMAIL PROTECTED]
To: Andrew Boothman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED],
FreeBSD Questions [EMAIL PROTECTED]
Date: 21 Oct 2002
Hi,
Thanks for the reply. I should mention that I've made some progress
with my efforts to set up a samba PDC for my Win2K clients.
First of all I am now able to successfully complete all tests in the
recommended DIAGNOSTICS.TXT at
http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
test 8:
- Original Message -
From: Grant Cooper [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, October 11, 2002 5:10 PM
Subject: Re: ipfw rules
I am having the same problem. I now just allow ftp from certain IP
addresses. But doesn't the second rule,
# /sbin/upfw
I am able to use cvsup with our firewall. The problem is when actually trying
to install the software using the make command since the make command tries to
fetch the source tarball from a remote server using ftp.
If you have a proxy server running, try putting FETCH_ENV variable into
At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote:
Could anyone please tell me what ipfw rules need to be set in order to allow
software installation through the ports collection? I tried adding a rule to
allow ftp outbound and although I can ftp out, I still cannot fetch the
source
tarball
On Thursday, October 10, 2002, at 03:06 PM, Jack L. Stone wrote:
At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote:
Could anyone please tell me what ipfw rules need to be set in order to allow
software installation through the ports collection? I tried adding a rule to
allow ftp outbound
36 matches