From: ray@redshift.com
To: John Fitzgerald
Cc: freebsd-security@freebsd.org
Date: Wed, 26 Oct 2005 23:17:19 -0700
Subject: Re: ipf stopped working on 5.3
Message-Id: <3.0.1.32.20051026231719.00a842c0@pop.redshift.com>

At 01:12 PM 10/26/2005 -0400, John Fitzgerald wrote:
| Another strange symptom is that if I ipf -D and then ipf -E -f
| /etc/ipf.rules, my terminal (I'm remote) will freeze and I'll be forced to
| power cycle the server, after which time it will come back up (with no rules
| running). I'm assuming that after the ipf -E -f /etc/ipf.rules somehow the
| firewall stops all traffic since apache won't respond to web requests
| either.
|
| As a side note, I did put the sshd server listening on an obscure port so it
| should take awhile for the bots to find it. The ipf.rules I left at 22 as a
| testament to it not working. However this obviously isn't a permanent
| solution as I should be able to get ipf working.

After you make changes to ipf.rules, you should restart ipf like this:

    ipf -F a && ipf -f /etc/ipf.rules

-F will flush your old rules, whereas ipf -D will disable ipf. Try the line
above and see if your SSH session remains active after you make changes, etc.

Ray
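
Added example, not part of Ray's message: an sh wrapper around the flush-and-reload line above that refuses to flush when the rules file is unreadable or fails ipf's no-change (-n) pass, so a bad edit made over SSH leaves the running rules alone. The function name, the IPF and RULES variables, and the reliance on ipf returning a non-zero exit status for a file it cannot parse are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumptions: IPF and RULES are hypothetical, overridable variables;
# "ipf -n" is assumed to exit non-zero when the rules file does not parse.

IPF="${IPF:-ipf}"
RULES="${RULES:-/etc/ipf.rules}"

# reload_ipf_rules [file]
#   returns 0 when the rules were flushed and reloaded,
#           2 when the file is missing or unreadable (nothing flushed),
#           3 when the no-change pass rejects the file (nothing flushed),
#           otherwise the exit status of the failing ipf call.
reload_ipf_rules() {
    rules="${1:-$RULES}"

    if [ ! -r "$rules" ]; then
        echo "reload_ipf_rules: cannot read $rules" >&2
        return 2
    fi

    # -n: read the file without making any change to the running kernel,
    # so the active rule set is still in place if this step fails.
    if ! "$IPF" -n -f "$rules" >/dev/null; then
        echo "reload_ipf_rules: $rules rejected, active rules untouched" >&2
        return 3
    fi

    # Same sequence as in the message: -F a flushes the old rules and
    # -f loads the new file. ipf -D is never used here, because it
    # disables the filter instead of replacing its rules.
    "$IPF" -F a && "$IPF" -f "$rules"
}

# Usage, as root on the firewall host:
#   reload_ipf_rules /etc/ipf.rules
```
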