From owner-freebsd-current Tue Jan 25 21:23:25 2000
Delivered-To: freebsd-current@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 8BBEB14D86; Tue, 25 Jan 2000 21:23:23 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 7A73E1CD66D; Tue, 25 Jan 2000 21:23:23 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Tue, 25 Jan 2000 21:23:23 -0800 (PST)
From: Kris Kennaway
To: keramida@ceid.upatras.gr
Cc: current@FreeBSD.ORG
Subject: Re: ipfilter and ipfstat
In-Reply-To: <20000125051418.A62880@charon.hell.gr>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 25 Jan 2000, the Webslave wrote:

> > Okay, so I finally decided to take the plunge and check out ipfilter. ipf
> > seemed to load my ruleset with no problems, but ipfstat dies with:
> >
> > ioctl(SIOCGETFS): Invalid argument
>
> And what would that ruleset be?

# Default to deny
block in log on tun0 from any to any

# Block unroutables
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 10.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any

# Allow us to initiate any outgoing connections
pass out quick on tun0 proto tcp/udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Allow incoming trojans
pass in quick on tun0 proto tcp from any to any port = 12345 flags S keep state keep frags
pass in quick on tun0 proto udp from any to any port = 31337 keep state

# Allow loopback
pass out quick on lo0
pass in quick on lo0

Note that I haven't been able to test this ruleset for legitimacy yet
because I can't interface with ipfstat :-)

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!"
-- Homer Simpson
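Kris says he cannot check the ruleset because ipfstat is broken. One way to sanity-check an ipfilter policy without the kernel is to evaluate it offline. The Python below is an added example and is not part of the thread or of ipfilter itself; it parses the subset of ipf syntax used in the ruleset above and applies ipfilter's ordering rule (the last matching rule decides, except that a matching `quick` rule ends evaluation at once, and a packet matched by no rule is passed). It deliberately ignores `log`, `keep state`, `keep frags` and `flags`, so it reports the static verdict only, and the sample addresses are constructed from the RFC 5737 documentation ranges. The `inbound_exposure` audit helper is the piece a defender would use: it lists which inbound (protocol, port) pairs on an interface are reachable from an arbitrary outside address.

```python
"""Offline evaluator for an ipfilter ruleset (added example, not ipf code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The ruleset quoted in the mail, verbatim; the parser skips '#' comments.
RULESET = """\
# Default to deny
block in log on tun0 from any to any
# Block unroutables
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 10.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any
# Allow us to initiate any outgoing connections
pass out quick on tun0 proto tcp/udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state
# Allow incoming trojans
pass in quick on tun0 proto tcp from any to any port = 12345 flags S keep state keep frags
pass in quick on tun0 proto udp from any to any port = 31337 keep state
# Allow loopback
pass out quick on lo0
pass in quick on lo0
"""


@dataclass(frozen=True)
class Rule:
    action: str                           # "pass" or "block"
    direction: str                        # "in" or "out"
    quick: bool                           # stop evaluating once this rule matches
    iface: str
    protos: Tuple[str, ...]               # ("any",) or e.g. ("tcp", "udp")
    src: Optional[ipaddress.IPv4Network]  # None means "any"
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]                  # destination port for "port = N", else None
    text: str


@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _addr(tok: str) -> Optional[ipaddress.IPv4Network]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def _after(toks: List[str], key: str, default: Optional[str] = None) -> Optional[str]:
    return toks[toks.index(key) + 1] if key in toks else default


def parse_ruleset(text: str) -> List[Rule]:
    """Parse the ipf subset used above; keywords we do not model are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        toks = line.split()
        dport = None
        if "port" in toks:
            i = toks.index("port")
            assert toks[i + 1] == "=", "only the 'port = N' form is supported here"
            dport = int(toks[i + 2])
        rules.append(Rule(
            action=toks[0], direction=toks[1], quick="quick" in toks,
            iface=_after(toks, "on"),
            protos=tuple(_after(toks, "proto", "any").split("/")),
            src=_addr(_after(toks, "from", "any")),   # no from/to clause == any
            dst=_addr(_after(toks, "to", "any")),
            dport=dport, text=line))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction or rule.iface != pkt.iface:
        return False
    if rule.protos != ("any",) and pkt.proto not in rule.protos:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[Rule]]:
    """ipfilter ordering: the last matching rule wins, unless a matching rule is
    'quick', which ends evaluation immediately. No match at all means pass."""
    verdict, winner = "pass", None
    for rule in rules:
        if matches(rule, pkt):
            verdict, winner = rule.action, rule
            if rule.quick:
                break
    return verdict, winner


def inbound_exposure(rules: List[Rule], iface: str, probe_ports) -> List[Tuple[str, int]]:
    """Audit view: (proto, port) pairs that accept unsolicited inbound traffic
    from an outside host. Addresses are constructed RFC 5737 examples."""
    reachable = []
    for proto in ("tcp", "udp"):
        for port in probe_ports:
            pkt = Packet("in", iface, proto, "203.0.113.10", "198.51.100.1", port)
            if evaluate(rules, pkt)[0] == "pass":
                reachable.append((proto, port))
    return reachable


if __name__ == "__main__":
    rules = parse_ruleset(RULESET)
    for pkt in (Packet("in", "tun0", "tcp", "203.0.113.10", "198.51.100.1", 80),
                Packet("in", "tun0", "tcp", "10.1.2.3", "198.51.100.1", 80),
                Packet("out", "tun0", "udp", "198.51.100.1", "203.0.113.10", 53)):
        verdict, rule = evaluate(rules, pkt)
        print(f"{pkt.direction:3} {pkt.iface} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}"
              f"  => {verdict}  ({rule.text if rule else 'no rule'})")
    print("inbound reachable on tun0:", inbound_exposure(rules, "tun0", [22, 80, 12345, 31337]))
```

Running it shows why rule order matters in ipf: an inbound packet from 10.1.2.3 matches both the non-quick default `block in log` rule and the later `quick` unroutables rule, and it is the quick rule that is reported as the deciding one. The exposure audit over a few probe ports reports exactly the two inbound ports the "Allow incoming trojans" rules open, which is the list you would compare against what the host is actually meant to serve.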