Date: Tue, 19 Jun 2001 11:47:27 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: default013 - subscriptions <default013subscriptions@hotmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: IPFW newbie
Message-ID: <20010619114726.D30037@mail.webmonster.de>
In-Reply-To: <OE34va7DYaOqlOQq2vX00002c3c@hotmail.com>; from default013subscriptions@hotmail.com on Tue, Jun 19, 2001 at 02:11:01AM -0500
References: <OE34va7DYaOqlOQq2vX00002c3c@hotmail.com>
how about
	options IPFILTER
	options IPFILTER_LOG
in the kernel config and
	ipfilter_enable=YES
	ipfilter_flags=""
	ipmon_enable=YES
in /etc/rc.conf and
	pass in quick on INT proto tcp from ADM to SRV port = 22
as the first rule in /etc/ipf.rules
where	INT = interface name (fxp0, tx0, ...)
	ADM = ip of the workstation you want to log in from
	SRV = ip of your server the firewall runs on

this gives you a dumbfire non-lockout rule regardless of the rest of the
filter rules...

/k

default013 - subscriptions(default013subscriptions@hotmail.com)@2001.06.19 02:11:01 +0000:
> Hi,
>
> I'm about to compile IPFW into the kernel for the first time... and just had
> a quick question... also, if anyone has any tips I would appreciate it.
> (this is going to be used on a webserver that runs everything from apache to
> shoutcast...)
>
> I am going to compile it in using this option:
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> My question is, I connect to my box using an SSH session. The default for
> IPFW is not to accept connections correct? So after my machine reboots with
> these new rules in place, will I have to set the IPFW rules in place so that
> I can once again open an SSH session to it again? Or how does that work...
>
> Thanks
>
> Jordan
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
> "The path of excess leads to the tower of wisdom." --W. Blake
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
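
Added example (not part of the original message, and not IPFilter's own code): a simplified Python model of how IPFilter chooses a verdict for an inbound packet, showing why the `quick` SSH rule in the reply decides the packet whatever the later rules say. The interface name, the addresses and the other two rules are constructed sample values, and only the small rule subset covered by the regex is modelled.

```python
import re

# Simplified model of IPFilter's inbound rule search: the LAST matching rule
# decides, unless a matching rule has `quick`. Exact addresses or "any" only.
RULE = re.compile(
    r"^(?P<action>pass|block)\s+in\s+(?:log\s+)?(?P<quick>quick\s+)?"
    r"(?:on\s+(?P<ifname>\S+)\s+)?(?:proto\s+(?P<proto>\S+)\s+)?"
    r"(?:all|from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?)\s*$"
)

def parse(text):
    """Return the rules of an ipf.rules text in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            m = RULE.match(line)
            if m is None:
                raise ValueError("outside the modelled subset: " + line)
            rules.append(m.groupdict())
    return rules

def matches(rule, pkt):
    """True if every field the rule names equals the packet's value."""
    for field in ("ifname", "proto", "src", "dst", "port"):
        want = rule[field]
        if want not in (None, "any") and want != str(pkt[field]):
            return False
    return True

def verdict(rules, pkt, default="pass"):
    """Verdict for one inbound packet; `default` applies if nothing matches."""
    result = default
    for rule in rules:
        if matches(rule, pkt):
            result = rule["action"]
            if rule["quick"]:
                break
    return result

# Constructed sample values: INT=fxp0, ADM=192.0.2.10, SRV=192.0.2.1
SSH_RULE = "pass in quick on fxp0 proto tcp from 192.0.2.10 to 192.0.2.1 port = 22"
REST = "block in all\npass in proto tcp from any to 192.0.2.1 port = 80\n"
SSH_PKT = {"ifname": "fxp0", "proto": "tcp", "src": "192.0.2.10",
           "dst": "192.0.2.1", "port": 22}

if __name__ == "__main__":
    print(verdict(parse(SSH_RULE + "\n" + REST), SSH_PKT))
```

In this model the same rule without `quick` loses to the later `block in all`, and a `block in quick` rule placed ahead of it wins, which is why the reply puts the SSH rule first.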