Date:      Tue, 19 Jun 2001 11:47:27 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        default013 - subscriptions <default013subscriptions@hotmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: IPFW newbie
Message-ID:  <20010619114726.D30037@mail.webmonster.de>
In-Reply-To: <OE34va7DYaOqlOQq2vX00002c3c@hotmail.com>; from default013subscriptions@hotmail.com on Tue, Jun 19, 2001 at 02:11:01AM -0500
References:  <OE34va7DYaOqlOQq2vX00002c3c@hotmail.com>

how about

    options IPFILTER
    options IPFILTER_LOG

in the kernel config and

    ipfilter_enable=YES
    ipfilter_flags=""
    ipmon_enable=YES

in /etc/rc.conf and

    pass in quick on INT proto tcp from ADM to SRV port = 22

as the first rule in /etc/ipf.rules where
INT = interface name (fxp0, tx0, ...)
ADM = ip of the workstation you want to log in from
SRV = ip of your server the firewall runs on

this gives you a dumbfire non-lockout rule regardless of the rest of the
filter rules...

/k

default013 - subscriptions(default013subscriptions@hotmail.com)@2001.06.19 02:11:01 +0000:
> Hi,
>
> I'm about to compile IPFW into the kernel for the first time... and just had
> a quick question... also, if anyone has any tips I would appreciate it.
> (this is going to be used on a webserver that runs everything from apache to
> shoutcast...)
>
> I am going to compile it in using this option:
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> My question is, I connect to my box using an SSH session. The default for
> IPFW is not to accept connections correct? So after my machine reboots with
> these new rules in place, will I have to set the IPFW rules in place so that
> I can once again open an SSH session to it again? Or how does that work...
>
> Thanks
>
> Jordan

-- 
> "The path of excess leads to the tower of wisdom." --W. Blake
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
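
Added example, not part of the original message: a pre-load check that the `pass in quick ... port = 22` rule from the reply above really is the first active rule in a ruleset, since an earlier `quick` rule would match first. The function names, the sample rulesets and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Pre-load check for an ipf ruleset: is the anti-lockout SSH rule really first?
# Function names and the sample rulesets are constructed for this example.

# Print the first rule that is not blank or a comment, whitespace-normalized.
first_active_rule() {
    awk '{ sub(/#.*/, "") } NF { $1 = $1; print; exit }'
}

# ssh_guard_is_first IFACE ADMIN_IP SERVER_IP   (ruleset on stdin)
# Succeeds only if the first active rule is the quick pass for SSH, so no
# earlier "quick" rule can match the admin connection before it.
ssh_guard_is_first() {
    want="pass in quick on $1 proto tcp from $2 to $3 port = 22"
    got=$(first_active_rule)
    [ "$got" = "$want" ]
}

# Constructed samples: fxp0 as in the mail, RFC 5737 documentation addresses.
GOOD_RULES='# keep this rule first
pass  in quick on fxp0 proto tcp from 192.0.2.10 to 192.0.2.1 port = 22
block in from any to any'

# Same rule, but an earlier quick block would match first and lock you out.
BAD_RULES='block in quick on fxp0 from any to any
pass in quick on fxp0 proto tcp from 192.0.2.10 to 192.0.2.1 port = 22'

report() {
    if printf '%s\n' "$2" | ssh_guard_is_first fxp0 192.0.2.10 192.0.2.1; then
        echo "$1: SSH guard is the first rule"
    else
        echo "$1: SSH guard is NOT first, do not load over a remote session"
    fi
}

report GOOD "$GOOD_RULES"
report BAD "$BAD_RULES"
```

Against a real file the call would be `ssh_guard_is_first fxp0 ADM SRV < /etc/ipf.rules`; the check only recognises the exact rule form given in the message, so a rule with extra options is reported as not first.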
