From: ann kok
To: freebsd-questions@freebsd.org
Date: Thu, 11 Aug 2005 13:28:52 -0700 (PDT)
Subject: what is wrong for my ipfw? and how intruder can do it?

Hi all,

I am using FreeBSD 4.11 as a router and run ipfw.

I have ipfw rules to restrict ssh access from all interfaces, e.g.:

    ipfw add 22 deny log tcp from any to x.x.x.x/32 22

The firewall rule is fine when testing from outside, and I can get info from /var/log/security:

    Deny TCP x.x.x.x:20411 x.x.x.x:22 in via dc0

But I don't know that IP can bypass the ipfw firewall rule and can access the computer. Finally it was blocked by tcpwrapper.

I got this from /var/log/messages:

    Aug 09 06:10:29 firewall sshd[51057]: refused connect from x.x.x.137 (x.x.x.137)

What is wrong with my ipfw, and how can an intruder do it? Do you have any ideas?

Thank you