Date: Thu, 7 Jun 2001 20:39:35 +0400 From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> To: "Marcel Dijk" <nascar24@home.nl>, <freebsd-security@FreeBSD.ORG> Subject: Re: IPFW rules > ports still open! Message-ID: <00f501c0ef70$6fdbb820$0600a8c0@ibmka.internethelp.ru>
next in thread | raw e-mail | index | archive | help
Do you mean, that when you uncomment rules 575 and 600, everything works just fine, or it does not help much? Good Luck NKritsky - SysAdmin InternetHelp.Ru http://www.internethelp.ru e-mail: nkritsky@internethelp.ru -----Original Message----- From: Marcel Dijk <nascar24@home.nl> To: freebsd-security@FreeBSD.ORG <freebsd-security@FreeBSD.ORG> Date: 7 èþíÿ 2001 ã. 20:05 Subject: IPFW rules > ports still open! >Hello, > >i have tried to make a good firewall but I have some problems. This is my >rc.firewall.rules file. > >add 500 allow all from 192.168.0.0/16 to any >add 525 allow all from any to 192.168.0.0/16 > >#add 575 allow ip from any to MY_IP >#add 600 allow ip from MY_IP to any > >add 615 allow tcp from any to MY_IP 22,5618,10000 >add 625 allow tcp from MY_IP to any > >add 650 allow udp from any to MY_IP >add 700 allow udp from MY_IP to any > >add 800 allow icmp from any to MY_IP >add 750 allow icmp from MY_IP to any > >(MY_IP is my internet IP address. I have blocked it for abvious reasons) > >The problem is that I can't access the services that I have allowed. For >example I can't access the service that's behind port 22 on MY_IP. >Why is this? If I allow IP from any to MY_IP and allow ip from MY_IP to any >all ports are open. And that;s just what I don't want. > >I hope you guys fill me and can help me. > >Thanks, I can't seem to solve this one. > >Marcel > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00f501c0ef70$6fdbb820$0600a8c0>