From owner-freebsd-security@FreeBSD.ORG Thu Oct 27 14:30:59 2005
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B365116A41F for ; Thu, 27 Oct 2005 14:30:59 +0000 (GMT) (envelope-from avalon@caligula.anu.edu.au)
Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2795343D45 for ; Thu, 27 Oct 2005 14:30:58 +0000 (GMT) (envelope-from avalon@caligula.anu.edu.au)
Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id j9REUvOw011635; Fri, 28 Oct 2005 00:30:57 +1000 (EST)
Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id j9REUuYG011625; Fri, 28 Oct 2005 00:30:56 +1000 (EST)
From: Darren Reed
Message-Id: <200510271430.j9REUuYG011625@caligula.anu.edu.au>
To: ray@redshift.com
Date: Fri, 28 Oct 2005 00:30:56 +1000 (Australia/ACT)
In-Reply-To: <3.0.1.32.20051026231719.00a842c0@pop.redshift.com> from "ray@redshift.com" at Oct 26, 2005 11:17:19 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org, John Fitzgerald
Subject: Re: ipf stopped working on 5.3
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
X-List-Received-Date: Thu, 27 Oct 2005 14:30:59 -0000

In some mail from ray@redshift.com, sie said:
>
> At 01:12 PM 10/26/2005 -0400, John Fitzgerald wrote:
> | Another strange symptom is that if I ipf -D and then ipf -E -f
> | /etc/ipf.rules, my terminal (I'm remote) will freeze and I'll be forced to
> | power cycle the server, after which time it will come back up (with no rules
> | running). I'm assuming that after the ipf -E -f /etc/ipf.rules somehow the
> | firewall stops all traffic since apache won't respond to web requests
> | either.
> |
> | As a side note, I did put the sshd server listening on an obscure port so it
> | should take awhile for the bots to find it. The ipf.rules I left at 22 as a
> | testament to it not working. However this obviously isn't a permanent
> | solution as I should be able to get ipf working.
>
> after you make changes to ipf.rules, you should restart ipf like this:
>
> ipf -F a && ipf -f /etc/ipf.rules

many do it like this:

# test new rules for 30 seconds
ipf -If /etc/ipf.rules -s && sleep 30 && ipf -s

The '-I' tells ipf to load /etc/ipf.rules into the "inactive set" of rules
and "-s" says switch active set.

You can flush inactive rules too:

ipf -iFa

and dump them out:

ipfstat -Iio

(IPFilter pioneered this idea)

Darren
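A script form of the "test for 30 seconds" pattern Darren describes, written here as an added example rather than anything from his message or from IPFilter itself: the candidate ruleset goes into the inactive set and is swapped in, Ctrl-C before the timeout keeps it, and silence (a lost session) swaps the old set back. The IPF override variable and the try_rules function are my assumptions; only the ipf flags from the mail are used.

```shell
#!/bin/sh
# Added example, not part of the original mail. Try a candidate ipf ruleset on
# a remote box without locking yourself out: load it into the inactive set,
# swap it active, then wait. Ctrl-C during the wait means "I can still reach
# the host, keep it"; no signal within the timeout means revert.
# IPF is a hypothetical override (default "ipf") so the flow can be rehearsed
# against a stub command before touching a live firewall.
IPF=${IPF:-ipf}

# try_rules RULEFILE [TIMEOUT]
# Returns 0 if the candidate was kept, 2 if it was reverted, 1 on a load error.
try_rules() {
    rules=$1
    timeout=${2:-30}
    keep=0

    "$IPF" -iFa         || return 1   # flush the inactive set first
    "$IPF" -If "$rules" || return 1   # load the candidate into the inactive set
    "$IPF" -s           || return 1   # swap: the candidate is now active

    # SIGINT (Ctrl-C) while sleeping records the admin's confirmation.
    trap 'keep=1' INT
    sleep "$timeout" || true
    trap - INT

    if [ "$keep" -eq 1 ]; then
        echo "candidate rules kept (confirmed within ${timeout}s)"
        return 0
    fi
    # No confirmation: swap the previous set (now inactive) back in.
    "$IPF" -s
    echo "no confirmation within ${timeout}s: previous rules restored"
    return 2
}

# Usage: sh try_rules.sh /etc/ipf.rules 30
if [ -n "${1:-}" ]; then
    try_rules "$1" "${2:-30}"
fi
```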