From: Nathan Goulding
Date: Tue, 25 Oct 2005 18:35:25 -0400
To: list@rsnnv.com
Cc: freebsd-security@freebsd.org
Subject: Re: ipf stopped working on 5.3

ipf: IP Filter: v3.4.35 (336)
Kernel: IP Filter: v3.4.35
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0

Though it does show it as active, it won't process any rules.

-JJ

On 10/25/05, Chris Odell wrote:
>
> I had this same problem and found out there is a parameter that needs to
> be added to the kernel config that was not needed previously. When I get
> back to my office, I will look it up and send it to you.
>
> Chris Odell
>
> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of John Fitzgerald
> Sent: Tuesday, October 25, 2005 10:33 AM
> To: freebsd-security@FreeBSD.org
> Subject: ipf stopped working on 5.3
>
> I've had ipf working on a few 5.3 servers for quite a while. Not too long
> ago some developers had to do some coding work and were coming from dynamic
> IPs. I (reluctantly) opened up SSH to the world. Immediately I started
> seeing the attacks where bots of some sort would try to break in with a
> variety of different users.
>
> So, I (thought) I closed it up again and told the developers to use a
> dedicated proxy. They did, but I realized that I hadn't actually closed
> things off. I was still getting attacked. I had tried, but ipf suddenly
> wasn't working. Whenever I would change the firewall rules and ipf -D and
> then ipf -E -f /etc/my.rules it would simply return:
>
> 1:ioctl(add/insert rule): No such process
>
> I didn't have the time to look into it at the time, but am now trying to
> figure it out. Ipf is obviously not working and I don't know why. I have
> tried recompiling the kernel a myriad of different ways. With/without ipfw,
> with/without ipsec, etc. All to no avail. Is this a bug, did I get hacked?
>
> I have googled this quite a bit and the only thing that I found was
> possibly a buildworld scenario where something got updated and it doesn't
> work now. I didn't install src so I'm a bit out of luck on that one.
>
> FreeBSD 5.3-RELEASE
> OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7d 17 Mar 2004
>
> Cheers,
> JJ
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"