Date: 10 Jul 2001 04:19:16 -0400
From: Arcady Genkin <antipode@thpoon.com>
To: freebsd-questions@freebsd.org
Subject: IPF questions
Message-ID: <87g0c5p56j.fsf@tea.thpoon.com>

I have three questions about my IPF setup.

,----[ ipf.log ]
| 10/07/2001 03:20:48.425070 ed0 @0:35 b 24.43.35.1 -> \
|     224.0.0.1 PR igmp len 24 (32) IN
| 10/07/2001 02:48:14.026728 ed0 @0:34 b 205.188.153.100,4000 -> \
|     24.42.104.72,15116 PR udp len 20 49 IN
`----

1. Above are two lines from my IPF log.  The first line comes over
   and over again.  I can't really understand what it's telling me.
   Would anyone help me parse it?  Neither of the two IP addys has
   anything to do with my internal or external IP addresses.

2. The second line in the log excerpt is some blocked UDP traffic
   from the ICQ server.  I guess I don't really want to block it.
   I'm allowing all tcp and udp traffic out, keeping state; obviously
   that's not enough.  What's the best way to avoid dropping those
   packets?

3. Is the "pass in ... proto icmp ... icmp-type 8" the correct way of
   allowing the box to be pinged?  (See my ipf rules below).

4. Any other comments on my IPF rules?

Many thanks in advance!

These are the ipf rules I'm using (with the IP spoofing protection
taken out for brevity).  All services except SSH are port-forwarded
to a server on internal network, using IPNAT.  Port range 6301..6350
is forwarded to my workstation for use by ICQ client.  Ports
6401..6405 are forwarded to various internal computers' SSH ports for
easy access from the outside.

Sorry about the long lines.  Best viewed at window size 95xN. :)

pass in quick on ed0 proto tcp from any to any port = 22 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port = 25 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port = 80 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port = 443 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port = 993 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port = 995 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port 6300 <> 6351 flags S keep frags keep state
pass in quick on ed0 proto tcp from any to any port 6400 <> 6406 flags S keep frags keep state
pass in quick on ed0 proto icmp from any to any icmp-type 8 keep state
block return-rst in log quick on ed0 proto tcp all
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp all
block in log quick on ed0 all

pass out quick on ed0 proto tcp from any to any flags S keep frags keep state
pass out quick on ed0 proto udp from any to any keep state
pass out quick on ed0 proto icmp from any to any keep state
block out log quick on ed0 all

-- 
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
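
Added example, not part of the original message: a Python sketch that parses packet lines in the layout of the two quoted ipf.log entries and counts hits per rule, which shows which rule is producing the repeated entries. The field names, the reading of the two `len` numbers as IP header length and total packet length, and the action-code table (as documented in ipmon(8)) are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address

# The two log lines quoted in the message, including the "\" line wraps.
SAMPLE = """\
10/07/2001 03:20:48.425070 ed0 @0:35 b 24.43.35.1 -> \\
    224.0.0.1 PR igmp len 24 (32) IN
10/07/2001 02:48:14.026728 ed0 @0:34 b 205.188.153.100,4000 -> \\
    24.42.104.72,15116 PR udp len 20 49 IN
"""

# Layout: date time interface @group:rule action src[,port] -> dst[,port]
#         PR proto len <hdr> <total or (total)> direction
LINE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? PR (?P<proto>\S+) "
    r"len (?P<hlen>\d+) \(?(?P<plen>\d+)\)? (?P<dir>IN|OUT)\s*$")
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "matched no rule", "L": "log rule"}

def unwrap(text):
    """Join lines that were wrapped with a trailing backslash."""
    return re.sub(r"\\\n\s*", "", text)

def parse(line):
    """Return a dict of decoded fields, or None if the line is not in this layout."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    f = m.groupdict()
    for k in ("group", "rule", "hlen", "plen"):
        f[k] = int(f[k])
    for k in ("sport", "dport"):          # absent for protocols without ports
        f[k] = int(f[k]) if f[k] else None
    # The message is dated 10 Jul 2001, so the log date is day/month/year.
    f["when"] = datetime.strptime(f"{f['date']} {f['time']}", "%d/%m/%Y %H:%M:%S.%f")
    f["action"] = ACTIONS.get(f["action"], f["action"])
    f["multicast"] = ip_address(f["dst"]).is_multicast
    return f

def noisy_rules(text):
    """Count logged packets per (rule, action, proto, dst) to spot repeating entries."""
    recs = [r for r in map(parse, unwrap(text).splitlines()) if r]
    return Counter((r["rule"], r["action"], r["proto"], r["dst"]) for r in recs)
```

Run over a full log, `noisy_rules(...).most_common()` lists the rule and destination pairs that account for most entries; for the first quoted line the destination is flagged as a multicast address.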