From owner-freebsd-security Thu Jun 7 9:39:47 2001
Message-ID: <00f501c0ef70$6fdbb820$0600a8c0@ibmka.internethelp.ru>
From: "Nickolay A. Kritsky"
To: "Marcel Dijk"
Subject: Re: IPFW rules > ports still open!
Date: Thu, 7 Jun 2001 20:39:35 +0400

Do you mean that when you uncomment rules 575 and 600, everything works just fine, or it does not help much?

Good Luck
NKritsky - SysAdmin InternetHelp.Ru
http://www.internethelp.ru
e-mail: nkritsky@internethelp.ru

-----Original Message-----
From: Marcel Dijk
To: freebsd-security@FreeBSD.ORG
Date: 7 June 2001, 20:05
Subject: IPFW rules > ports still open!

>Hello,
>
>I have tried to make a good firewall but I have some problems. This is my
>rc.firewall.rules file.
>
>add 500 allow all from 192.168.0.0/16 to any
>add 525 allow all from any to 192.168.0.0/16
>
>#add 575 allow ip from any to MY_IP
>#add 600 allow ip from MY_IP to any
>
>add 615 allow tcp from any to MY_IP 22,5618,10000
>add 625 allow tcp from MY_IP to any
>
>add 650 allow udp from any to MY_IP
>add 700 allow udp from MY_IP to any
>
>add 800 allow icmp from any to MY_IP
>add 750 allow icmp from MY_IP to any
>
>(MY_IP is my internet IP address. I have blocked it for obvious reasons)
>
>The problem is that I can't access the services that I have allowed. For
>example I can't access the service that's behind port 22 on MY_IP.
>Why is this? If I allow IP from any to MY_IP and allow ip from MY_IP to any
>all ports are open. And that's just what I don't want.
>
>I hope you guys fill me and can help me.
>
>Thanks, I can't seem to solve this one.
>
>Marcel
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
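
A simplified model of ipfw's first-match evaluation, applied to the rules quoted above. This is an added example, not part of the original thread and not ipfw's own code. It assumes the posted lines are the complete ruleset, that the kernel's default rule (65535) is deny, and it uses 203.0.113.10 as a constructed stand-in for MY_IP.

```python
import ipaddress

MY_IP = "203.0.113.10"  # constructed stand-in for the redacted MY_IP

POSTED = """\
add 500 allow all from 192.168.0.0/16 to any
add 525 allow all from any to 192.168.0.0/16
#add 575 allow ip from any to MY_IP
#add 600 allow ip from MY_IP to any
add 615 allow tcp from any to MY_IP 22,5618,10000
add 625 allow tcp from MY_IP to any
add 650 allow udp from any to MY_IP
add 700 allow udp from MY_IP to any
add 800 allow icmp from any to MY_IP
add 750 allow icmp from MY_IP to any
"""

def parse_rules(text, my_ip=MY_IP):  # 'add N action proto from SRC to DST [ports]'
    rules = []
    for line in text.splitlines():
        tok = line.strip().replace("MY_IP", my_ip).split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or commented-out rule
        ports = {int(p) for p in tok[8].split(",")} if len(tok) > 8 else None
        rules.append((int(tok[1]), tok[2], tok[3], tok[5], tok[7], ports))
    return sorted(rules, key=lambda r: r[0])  # ipfw walks rules by number

def addr_match(spec, ip):
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, proto, src, dst, dport=None):  # first matching rule wins
    for num, action, rproto, rsrc, rdst, ports in rules:
        if rproto not in ("all", "ip", proto):
            continue
        if not (addr_match(rsrc, src) and addr_match(rdst, dst)):
            continue
        if ports is not None and dport not in ports:
            continue
        return num, action
    return 65535, "deny"  # assumption: the kernel's default rule is deny

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed external host
    variants = (("as posted", POSTED), ("575/600 on", POSTED.replace("#add", "add")))
    for label, text in variants:
        for port in (22, 80):
            hit = first_match(parse_rules(text), "tcp", outside, MY_IP, port)
            print(label, "tcp dport", port, "->", hit)
```

On a live host, the per-rule packet counters printed by `ipfw show` tell you which rule real traffic is actually hitting, which is the check to compare against this model.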