Date:      Sun, 16 Jan 2005 20:34:08 +0100
From:      "Kövesdán Gábor" <gabor.kovesdan@freemail.hu>
To:        "'Erik Norgaard'" <norgaard@locolomo.org>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: IPF firewalling
Message-ID:  <20050116193347.WMON10341.viefep11-int.chello.at@hyperduron>
In-Reply-To: <41EAB1FD.1030508@locolomo.org>

Hello,

Thanks for your answer, I've modified my rules as you suggested, but I
haven't made groups yet. Thus the new ruleset is:

# I don't want to filter outgoing packets
pass out quick all

# The incoming packets for dhcp, dns, ssh, mail, ftp, www
pass in quick on rl0 proto udp from any to any port = 68 keep state keep frags
pass in quick on rl0 proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 53 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 25 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state keep frags

# Some advanced stuff - will be set later
#block return-rst in log quick on rl0 proto tcp from any to any
#block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
#block in quick on rl0 all

# Allow everything for the loopback interface
pass in quick on lo0 all
pass out quick on lo0 all



I ran the ipf -Fa && ipf -f /etc/ipf.rules2 command (ipf.rules2 is this
ruleset) via ssh, but then my connection closed, and I was unable to
reconnect via ssh until flushing the rules and loading this ruleset:

pass in all
pass out all



Best wishes,

Gábor Kövesdán


