Message-ID: <58844.61.88.244.4.1096525998.squirrel@61.88.244.4>
In-Reply-To: <415BA1A3.3010608@optonline.net>
Date: Thu, 30 Sep 2004 16:33:18 +1000 (EST)
From: steve@drifthost.com
To: freebsd-questions@freebsd.org
Subject: IPFW Problem

Hi,

I am trying to set up my Firewall on my server; so far I have the following.

===========================================================
oif=bge0
fwcmd=ipfw

$fwcmd -f flush
$fwcmd add check-state
$fwcmd add allow ip from any to any via lo0
$fwcmd add deny ip from any to 127.0.0.0/8
$fwcmd add deny all from any to any frag in via $oif
$fwcmd add allow tcp from any to me 21,25,26,53,110,143,443,465,953,993,995,2082,2083,2086,2087,2089,2095,2096,2627,6666,40000-49452 in via $oif keep-state setup
$fwcmd add allow tcp from any to me 80 setup keep-state
$fwcmd add allow udp from me 53 to any keep-state
$fwcmd add allow udp from any to any 53 keep-state
$fwcmd add allow all from me to any out via $oif setup keep-state
$fwcmd add deny all from any to any 137,138,139,67,68 in
$fwcmd add deny log all from me to any 22
$fwcmd add deny log all from any to any
======================================================

When I turn the firewall on I am getting this in my /var/log/security:

========================================================
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2864 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:1431 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:2694 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:3059 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:33077 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:33130 out via bge0
==============================================================

I am unsure as to why I am getting these; it's like the check-state command is half working. I can still browse my web server fine but I'm still getting these messages.

Anyone got any ideas?

Thanks
Steve
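
Added example, not part of the original post: a Python script that numbers the posted rules the way ipfw does when `add` is given no rule number (steps of 100 from a flushed set, the default) and maps the rule number in each log line back to the rule that produced it. The function names, the `<ports>` abbreviation and the "local port" interpretation are assumptions of this example; the sample log lines are a subset of those in the post.

```python
import re
from collections import Counter

# Rule bodies from the post, in load order ("-f flush" is not a rule).
# The long TCP port list is abbreviated to <ports>; only the order matters here.
RULESET = """\
check-state
allow ip from any to any via lo0
deny ip from any to 127.0.0.0/8
deny all from any to any frag in via $oif
allow tcp from any to me <ports> in via $oif keep-state setup
allow tcp from any to me 80 setup keep-state
allow udp from me 53 to any keep-state
allow udp from any to any 53 keep-state
allow all from me to any out via $oif setup keep-state
deny all from any to any 137,138,139,67,68 in
deny log all from me to any 22
deny log all from any to any
"""
# Subset of the log lines in the post (SOMECLIENT/MYIP are the post's placeholders).
SAMPLE_LOG = """\
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2864 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:1431 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:2694 out via bge0
"""
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\S+)")

def number_rules(ruleset, step=100):  # 100 is ipfw's default auto-increment step
    """Assign rule numbers as ipfw does for un-numbered 'add' after a flush."""
    bodies = [line.strip() for line in ruleset.splitlines() if line.strip()]
    return {step * (i + 1): body for i, body in enumerate(bodies)}

def summarize(log_text, rules):
    """Count log hits per (rule number, rule body, direction, local port)."""
    hits = Counter()
    for m in map(LOG_RE.search, log_text.splitlines()):
        if m:  # skip anything that is not an ipfw TCP/UDP log line
            num = int(m["rule"])
            # Assumption: host firewall, so the local end is dst on "in", src on "out".
            port = int(m["dport"] if m["dir"] == "in" else m["sport"])
            hits[(num, rules.get(num, "<unknown rule>"), m["dir"], port)] += 1
    return hits

if __name__ == "__main__":
    for (num, body, direction, port), n in sorted(summarize(SAMPLE_LOG, number_rules(RULESET)).items()):
        print(f"{n:3d} hits  rule {num} [{body}]  {direction}  local port {port}")
```

With the twelve rules from the post, number 1200 resolves to the final `deny log all from any to any`, and every sampled hit involves local port 80 in one direction or the other.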