Date:      Thu, 7 Jun 2001 20:39:35 +0400
From:      "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
To:        "Marcel Dijk" <nascar24@home.nl>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: IPFW rules > ports still open!
Message-ID:  <00f501c0ef70$6fdbb820$0600a8c0@ibmka.internethelp.ru>

Do you mean that when you uncomment rules 575 and 600, everything works just fine, or does it not help much?

Good Luck
NKritsky - SysAdmin InternetHelp.Ru
http://www.internethelp.ru
e-mail: nkritsky@internethelp.ru

-----Original Message-----
From: Marcel Dijk <nascar24@home.nl>
To: freebsd-security@FreeBSD.ORG <freebsd-security@FreeBSD.ORG>
Date: 7 June 2001, 20:05
Subject: IPFW rules > ports still open!


>Hello,
>
>I have tried to make a good firewall but I have some problems. This is my
>rc.firewall.rules file.
>
>add 500 allow all from 192.168.0.0/16 to any
>add 525 allow all from any to 192.168.0.0/16
>
>#add 575 allow ip from any to MY_IP
>#add 600 allow ip from MY_IP to any
>
>add 615 allow tcp from any to MY_IP 22,5618,10000
>add 625 allow tcp from MY_IP to any
>
>add 650 allow udp from any to MY_IP
>add 700 allow udp from MY_IP to any
>
>add 800 allow icmp from any to MY_IP
>add 750 allow icmp from MY_IP to any
>
>(MY_IP is my internet IP address. I have blocked it for obvious reasons)
>
>The problem is that I can't access the services that I have allowed. For
>example I can't access the service that's behind port 22 on MY_IP.
>Why is this? If I allow IP from any to MY_IP and allow ip from MY_IP to any
>all ports are open. And that's just what I don't want.
>
>I hope you guys fill me and can help me.
>
>Thanks, I can't seem to solve this one.
>
>Marcel
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>





