From: Kövesdán Gábor
Reply-To: gabor.kovesdan@freemail.hu
To: 'Erik Norgaard'
Cc: freebsd-questions@freebsd.org
Date: Sun, 16 Jan 2005 20:34:08 +0100
Subject: RE: IPF firewalling

Hello,

Thanks for your answer, I've modified my rules as You suggested, but I
haven't made groups yet.
Thus the new ruleset is:

# I don't want to filter outgoing packets
pass out quick all

# The incoming packets for dhcp, dns, ssh, mail, ftp, www
pass in quick on rl0 proto udp from any to any port = 68 keep state keep frags
pass in quick on rl0 proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 53 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 25 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state keep frags

# Some advanced stuff - will be set later
#block return-rst in log quick on rl0 proto tcp from any to any
#block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
#block in quick on rl0 all

# Allow everything for the loopback interface
pass in quick on lo0 all
pass out quick on lo0 all

I ran the ipf -Fa && ipf -f /etc/ipf.rules2 command (ipf.rules2 is this
ruleset) via ssh, but then my connection closed, and I was unable to
reconnect via ssh until flushing the rules and loading this ruleset:

pass in all
pass out all

Best wishes,

Gábor Kövesdán