Date: Wed, 2 Dec 2009 18:23:55 +0500
From: Asrai khn <asraikhn@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Machine running ipf block TCP connections
Message-ID: <5f0f8dba0912020523h1c41ae04ua781781f84dbea1e@mail.gmail.com>

I have configured an IPF-based firewall on Solaris 10; however, for some reason which I do not understand, the machine blocks all TCP connections a few hours after deploying the firewall rules. While blocked, the machine is not pingable, nor can I SSH to it; consequently I have to access it via the console and disable ipf.

This machine is running Radius software, and while the machine is blocking TCP connections UDP keeps working, which means our dialup customers are still able to dial our services.

Below are the rules which I am using. As far as I can understand, the 'keep state' thing is causing the problem.

# Pass through packets to and from localhost.
pass out quick on lo0
pass in quick on lo0

# Allow a variety of individual hosts send any type of packet to this host.
#
pass in quick from xxx.xx.xxx.xxx/32 to any keep state
pass in quick from xxx.xx.xxx.xxx/32 to any keep state

# Allow all ICMP
pass in quick proto icmp from any to any keep state

# Allow all Radius
pass in quick proto udp from any to any port = 1812 keep state
pass in quick proto udp from any to any port = 1813 keep state

# Allow FTP for mediation to collect files via FTP
pass in quick proto tcp from 10.254.160.0/24 to any port = 20 keep state
pass in quick proto tcp from 10.254.160.0/24 to any port = 21 keep state

pass out quick from any to any keep state
block in quick all

-------------------

Any help will be highly appreciated. Please reply to me directly; I am not subscribed to the mailing list.

Thanks.
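
An added example, not part of the original message: a small Python check over the posted rules that lists every 'keep state' rule able to match TCP without 'flags S', that is, rules under which any TCP packet, not only the opening SYN, can create a state entry. Looking for a missing 'flags S' is an assumption drawn from common IPFilter practice, not a diagnosis confirmed in this thread; the names lint and RULES are chosen here.

```python
import re

# Rules from the message above, comments omitted (addresses masked by the poster).
RULES = """\
pass out quick on lo0
pass in quick on lo0
pass in quick from xxx.xx.xxx.xxx/32 to any keep state
pass in quick from xxx.xx.xxx.xxx/32 to any keep state
pass in quick proto icmp from any to any keep state
pass in quick proto udp from any to any port = 1812 keep state
pass in quick proto udp from any to any port = 1813 keep state
pass in quick proto tcp from 10.254.160.0/24 to any port = 20 keep state
pass in quick proto tcp from 10.254.160.0/24 to any port = 21 keep state
pass out quick from any to any keep state
block in quick all
"""


def lint(ruleset):
    """Return (line_no, rule, reason) for stateful pass rules that can match
    TCP but do not limit state creation to the opening SYN with 'flags S'."""
    findings = []
    for n, raw in enumerate(ruleset.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not rule.startswith("pass") or "keep state" not in rule:
            continue
        m = re.search(r"\bproto\s+(\S+)", rule)
        proto = m.group(1) if m else None        # None: matches every protocol
        if proto not in (None, "tcp", "tcp/udp"):
            continue                             # icmp/udp-only rules are out of scope
        if re.search(r"\bflags\s+\S+", rule):
            continue                             # state creation already restricted
        why = "no proto given, so TCP is included" if proto is None else "proto " + proto
        findings.append((n, rule, why + "; any TCP packet can create state"))
    return findings


if __name__ == "__main__":
    for n, rule, why in lint(RULES):
        print(f"rule {n}: {rule}\n    -> {why}")
```

Rules reported here are candidates for review alongside the state table counters from ipfstat -s on the affected host.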