From: Aaron Siegel
To: questions@freebsd.org
Date: Tue, 25 Apr 2006 11:19:07 -0600
Subject: ipfilter rule will not load
Reply-To: aj@siegel-tech.net
Message-Id: <200604251119.07640.bulk_mail@siegel-tech.net>

Hello,

I cannot get ipfilter to load any rules. When I type in the ipftest command I receive the following output:

# ipftest
no rules loaded

I used the example found in the /usr/share/examples directory. I am unable to load the firewall.

I have tried to load the file through

# ipf -Fa -f /etc/ipf.rules

I have posted my configuration below.

Thank you,
Aaron

Kernel

#IPFILTER
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK

/etc/rc.conf

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Dsn"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

/etc/syslog.conf

security.*        /var/log/ipfilter.log
security.info     /var/log/firewall.info
security.notice   /var/log/firewall.notice
security.warning  /var/log/firewall.warning
security.err      /var/log/firewall.err

/etc/ipf.rules (small excerpt)

# Allow in standard www function because I have apache server
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state

# Allow access to the zope server 8080
pass in quick on dc0 proto tcp from any to any port = 8080 flags S keep state
pass in quick on dc0 proto udp from any to any port = 8080 keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public Internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
#pass in quick on dc0 proto udp from any to any port = 23 keep state

# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
pass in quick on dc0 proto udp from any to any port = 22 keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a "denial of service" attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all
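A small rule-file linter, added here as an example and not part of the post above: it parses each line of an ipf.rules file against a simplified ipf(5) grammar (an assumption; it covers only the keywords used in the posted ruleset), reports lines that will not parse (such as the "porto" typo that appears in the commented-out telnet rule), flags TCP flags on non-TCP rules, and checks that the list still ends with the default-deny "block ... all" rule. The SAMPLE ruleset is constructed for this example.

```python
import re

# Simplified ipf(5) rule grammar written for this example; it covers only the
# keywords used in the posted ruleset, not the full ipf language (assumption).
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)"
    r"(?:\s+log(?:\s+first)?)?(?:\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\w+))?"
    r"(?:\s+proto\s+(?P<proto>tcp|udp|icmp))?"
    r"\s+(?:(?P<all>all)|from\s+(?P<src>\S+)(?:\s+port\s*=\s*(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+port\s*=\s*(?P<dport>\d+))?)"
    r"(?:\s+flags\s+(?P<flags>[A-Za-z/]+))?(?:\s+keep\s+state)?\s*$"
)

def lint_rules(text):
    """Return (rules, problems): parsed rule dicts and (lineno, message) pairs."""
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # strip comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:                                    # e.g. 'porto' instead of 'proto'
            problems.append((lineno, "unparsable rule: " + line))
            continue
        rule = m.groupdict()
        if rule["flags"] and rule["proto"] != "tcp":  # TCP flags are meaningless here
            problems.append((lineno, "flags given on non-tcp rule"))
        rules.append(rule)
    if not rules or rules[-1]["action"] != "block" or not rules[-1]["all"]:
        problems.append((0, "ruleset does not end with a 'block ... all' default-deny rule"))
    return rules, problems

# Constructed sample: a few of the posted rules plus one line carrying the
# 'porto' typo from the post's commented-out telnet rule, uncommented on purpose.
SAMPLE = """\
# Allow in standard www
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state
pass in quick on dc0 porto udp from any to any port = 23 keep state
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
block in log first quick on dc0 all
"""

if __name__ == "__main__":
    for lineno, msg in lint_rules(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```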