Date:      Thu, 7 Jun 2001 19:08:29 +0200
From:      "Marcel Dijk" <nascar24@home.nl>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: IPFW rules > ports still open!
Message-ID:  <02de01c0ef74$79397f70$0900a8c0@windows>
References:  <Pine.BSF.4.30_heb2.09.0106061220000.50496-100000@slis-two.lis.fsu.edu><009e01c0ef55$da422340$9201a8c0@home.net><1569370004.20010607180037@mail.spbnit.ru><0e4001c0ef5c$034299e0$241da8c0@ke.balt.net><20010607190013.4a57045e.nikolaj@mail.spbnit.ru><02ab01c0ef6b$b1002610$0900a8c0@windows> <42123753718.20010607201244@sandy.ru>

> If your address lies in 192.168.0.0/16 then the first two rules allow
> access to it. In IPFW, rules are checked one by one until the first matching
> rule is found. You should add exclusive rules for your IP before you
> open the whole network.

No, I mean that with these rules I can't connect to, for example, my sshd. But
I have opened the port with rules #615 & 625. And if I uncomment rules 575 &
600 all my ports are open.

Marcel

> Otherwise check
>
> IPFIREWALL_DEFAULT_TO_ACCEPT
>
> kernel option.
>
> --07.06.2001 20:05, you wrote IPFW rules > ports still open! to freebsd-security@FreeBSD.ORG;
>
> M> Hello,
>
> M> I have tried to make a good firewall but I have some problems. This is my
> M> rc.firewall.rules file.
>
> M> add 500 allow all from 192.168.0.0/16 to any
> M> add 525 allow all from any to 192.168.0.0/16
>
> M> #add 575 allow ip from any to MY_IP
> M> #add 600 allow ip from MY_IP to any
>
> M> add 615 allow tcp from any to MY_IP 22,5618,10000
> M> add 625 allow tcp from MY_IP to any
>
> M> add 650 allow udp from any to MY_IP
> M> add 700 allow udp from MY_IP to any
>
> M> add 800 allow icmp from any to MY_IP
> M> add 750 allow icmp from MY_IP to any
>
> M> (MY_IP is my internet IP address. I have blocked it for obvious reasons)
>
> M> The problem is that I can't access the services that I have allowed. For
> M> example I can't access the service that's behind port 22 on MY_IP.
> M> Why is this? If I allow IP from any to MY_IP and allow ip from MY_IP to any
> M> all ports are open. And that's just what I don't want.
>
> M> I hope you guys fill me and can help me.
>
> M> Thanks, I can't seem to solve this one.
>
> M> Marcel
>
>
> M> To Unsubscribe: send mail to majordomo@FreeBSD.org
> M> with "unsubscribe freebsd-security" in the body of the message
>
>
> --
>    Vladimir Dubrovin          Service Center Coordinator
>   http://www.sandy.ru                 SANDY, ISP
> http://www.security.nnov.ru     Nizhny Novgorod, Russia
>
>


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?02de01c0ef74$79397f70$0900a8c0>
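The thread turns on how ipfw(8) walks a ruleset: in ascending rule number, stopping at the first match, with the default rule 65535 deciding anything that falls through (deny, unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT). The Python below is an added example, not code from the thread or from FreeBSD: a first-match simulator for just the rule syntax Marcel posted, run against his ruleset. It substitutes the documentation address 203.0.113.10 for the masked MY_IP and uses 198.51.100.7 as a constructed remote host (both assumptions). It models only the rule text; the thread does not settle what else on the real box kept sshd unreachable, and the model does not try to explain that.

```python
"""First-match simulator for the small ipfw syntax used in the thread.

Added example, not code from the thread or from FreeBSD.  Rules of the form
    add <num> allow|deny <proto> from <src> to <dst> [<dst-ports>]
are evaluated in ascending rule number and the first match wins, which is
how ipfw(8) behaves.  MY_IP is replaced with 203.0.113.10 (an assumption),
and the default rule 65535 is modelled as deny unless the kernel was built
with IPFIREWALL_DEFAULT_TO_ACCEPT.
"""
import ipaddress
import shlex

MY_IP = "203.0.113.10"   # assumed stand-in for the masked address in the post
REMOTE = "198.51.100.7"  # constructed Internet host used in the demo

# The ruleset from the post, with rules 575 and 600 commented out as posted.
POSTED_RULES = """
add 500 allow all from 192.168.0.0/16 to any
add 525 allow all from any to 192.168.0.0/16
#add 575 allow ip from any to MY_IP
#add 600 allow ip from MY_IP to any
add 615 allow tcp from any to MY_IP 22,5618,10000
add 625 allow tcp from MY_IP to any
add 650 allow udp from any to MY_IP
add 700 allow udp from MY_IP to any
add 800 allow icmp from any to MY_IP
add 750 allow icmp from MY_IP to any
"""


def parse_rules(text, include_commented=False):
    """Return [(num, action, proto, src, dst, ports)] sorted by rule number.

    With include_commented=True the '#' prefixed rules are loaded too, which
    reproduces Marcel's 'uncomment 575 & 600' experiment."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if not include_commented:
                continue
            line = line.lstrip("#")
        tok = shlex.split(line.replace("MY_IP", MY_IP))
        # tok layout: add NUM ACTION PROTO from SRC to DST [PORTS]
        if len(tok) < 8 or tok[0] != "add" or tok[4] != "from" or tok[6] != "to":
            raise ValueError("unsupported rule: " + line)
        num, action, proto, src, dst = int(tok[1]), tok[2], tok[3], tok[5], tok[7]
        ports = set(int(p) for p in tok[8].split(",")) if len(tok) > 8 else None
        rules.append((num, action, proto, src, dst, ports))
    return sorted(rules, key=lambda r: r[0])


def _addr_match(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _proto_match(spec, proto):
    return spec in ("all", "ip") or spec == proto


def evaluate(rules, proto, src, dst, dport=None, default_to_accept=False):
    """Return (rule_number, action) of the first matching rule, or the default
    rule 65535, which allows only under IPFIREWALL_DEFAULT_TO_ACCEPT."""
    for num, action, rproto, rsrc, rdst, ports in rules:
        if not _proto_match(rproto, proto):
            continue
        if not (_addr_match(rsrc, src) and _addr_match(rdst, dst)):
            continue
        if ports is not None and dport not in ports:
            continue
        return num, action
    return 65535, ("allow" if default_to_accept else "deny")


def demo():
    """Walk the five packets discussed in the thread through the ruleset."""
    rules = parse_rules(POSTED_RULES)
    # 1. Inbound connection to sshd from the Internet: explicit port rule.
    r1 = evaluate(rules, "tcp", REMOTE, MY_IP, 22)
    # 2. sshd's reply back to the client: covered by rule 625.
    r2 = evaluate(rules, "tcp", MY_IP, REMOTE, 33000)
    # 3. A port not listed in 615 falls through to the default rule.
    r3 = evaluate(rules, "tcp", REMOTE, MY_IP, 80)
    # 4. Same packet with 575/600 restored: 575 matches first, so every
    #    port is open, which is what Marcel observed.
    r4 = evaluate(parse_rules(POSTED_RULES, include_commented=True),
                  "tcp", REMOTE, MY_IP, 80)
    # 5. Vladimir's point: a 192.168.0.0/16 source is accepted by rule 500
    #    before any MY_IP rule is consulted.
    r5 = evaluate(rules, "tcp", "192.168.1.5", MY_IP, 80)
    return r1, r2, r3, r4, r5


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Running it prints the five hits in order: the inbound connection to port 22 stopping at rule 615, its reply at 625, an unlisted port falling to 65535, that same port accepted by 575 once the commented rules are back (the "all ports open" effect), and a 192.168.0.0/16 source accepted by rule 500 before the MY_IP rules are ever reached. Passing default_to_accept=True to evaluate() shows what the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option does to the fall-through case.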