From: "Darryl Hoar" <darryl@osborne-ind.com>
To: freebsd-questions@freebsd.org
Date: Wed, 13 Aug 2003 09:53:40 -0500
Subject: Blocking RIP requests on firewall

Greetings,

I have a FreeBSD 4.7S machine that is running IPFilter and is configured as a firewall. My external interface is xl0. I put

block in quick on xl0 proto udp from 10.0.0.1 to any port = 520

and reloaded the rules (by rebooting; I have it locked down). It still generates log entries in my firewall_log file. Here is my ipf.rules file.

################################################################
# Outside Interface
################################################################
#---------------------------------------------------------------
# Allow out all TCP, UDP and ICMP traffic & keep state on it
# so that it's allowed back in.
#---------------------------------------------------------------
pass out quick on xl0 proto tcp from any to any keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state
block out quick on xl0 all

#--------------------------------------------------------------
# Allow bootp traffic in from your ISP's DHCP server only
#--------------------------------------------------------------
pass in quick on xl0 proto udp from 10.0.0.1/32 to any port = 68 keep state

#-----------------------------------------------------------------------
# Block and log all remaining traffic coming into the firewall
# - Block TCP with a RST (to make it appear as if the service isn't listening)
# - Block UDP with an ICMP Port Unreachable (make it appear as if it isn't
#   listening)
# - Block all remaining traffic the good 'ol fashioned way
#------------------------------------------------------------------------
block return-rst in log quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
block in log quick on xl0 all

##########################################################################
# Inside Interface
##########################################################################
#-------------------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state
#-------------------------------------------------------------------------
pass out quick on xl1 proto tcp from any to any keep state
pass out quick on xl1 proto udp from any to any keep state
pass out quick on xl1 proto icmp from any to any keep state
block out quick on xl1 all

#------------------------------------------------------------------------
# Allow in all TCP, UDP and ICMP traffic and keep state
#------------------------------------------------------------------------
pass in quick on xl1 proto tcp from any to any flags S
pass in quick on xl1 proto udp from any to any keep state
pass in quick on xl1 proto icmp from any to any keep state
block in quick on xl1 all

########################################################################
# Loopback Interface
########################################################################
#----------------------------------------------------------------------
# Allow everything to/from your loopback interface so you
# can ping yourself (e.g. ping localhost)
#---------------------------------------------------------------------
pass in quick on lo0 all
pass out quick on lo0 all

Thanks in advance.
-Darryl
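An added illustration of why the new rule still logs (this is not part of the original message): IPFilter evaluates rules top to bottom and the first matching `quick` rule is final, so the logging `block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any` rule that sits above the port 520 rule claims the packet first. The script below is a constructed model of that first-match behaviour over the posted inbound xl0 rules, not ipf itself; the packet addresses are made up.

```python
import re
from ipaddress import ip_address, ip_network
# ipf walks the rules top to bottom and the first matching 'quick' rule is
# final, so rule order decides which rule blocks (and whether it logs).
RULE_RE = re.compile(
    r"(?P<action>pass|block)(?:\s+return-\S+)?\s+(?P<dir>in|out)(?P<log>\s+log)?"
    r"\s+quick\s+on\s+(?P<iface>\S+)\s+(?:(?P<all>all)|proto\s+(?P<proto>\S+)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+port\s*=\s*(?P<port>\d+))?)")
def parse(text):
    # Parses the subset of ipf.rules syntax used in the posted file.
    rules = []
    for line in filter(None, (ln.split("#", 1)[0].strip() for ln in text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        rules.append(m.groupdict())
    return rules

def addr_match(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def decide(text, direction, iface, proto, src, dst, dport):
    # Returns (action, logged, rule_index) for the first matching quick rule.
    for i, r in enumerate(parse(text)):
        if r["dir"] != direction or r["iface"] != iface:
            continue
        if r["all"] is None and (r["proto"] != proto
                or not addr_match(r["src"], src) or not addr_match(r["dst"], dst)
                or (r["port"] is not None and int(r["port"]) != dport)):
            continue
        return r["action"], r["log"] is not None, i
    return "default-pass", False, -1  # ipf passes when no rule matches
# Inbound xl0 rules in the order they appear in the posted ipf.rules.
POSTED = """
pass in quick on xl0 proto udp from 10.0.0.1/32 to any port = 68 keep state
block return-rst in log quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
block in log quick on xl0 all
"""
# Same rules, with the silent port 520 block moved above the logging UDP catch-all.
REORDERED = """
pass in quick on xl0 proto udp from 10.0.0.1/32 to any port = 68 keep state
block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
block return-rst in log quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
block in log quick on xl0 all
"""
RIP = ("in", "xl0", "udp", "10.0.0.1", "10.0.0.2", 520)  # constructed RIP packet
print("posted   :", decide(POSTED, *RIP))     # ('block', True, 2)  -> logged
print("reordered:", decide(REORDERED, *RIP))  # ('block', False, 1) -> silent
```

The model only understands the rule forms that appear in the post; other RIP sources are still caught and logged by the UDP catch-all, which the third check below confirms.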