Date: Sat, 26 Jul 2003 11:53:50 +0100 From: Darren <darren@dazdaz.org> To: Michael Sierchio <kudzu@tenebras.com> Cc: freebsd-ipfw@freebsd.org Subject: Re[2]: no keep-state and and unpredictable ssh connections Message-ID: <2384322.20030726115350@dazdaz.org> In-Reply-To: <3F21F9E4.9060408@tenebras.com> References: <13347545536.20030726003910@dazdaz.org> <3F21F9E4.9060408@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Michael, Saturday, July 26, 2003, 4:47:48 AM, you wrote: MS> Darren wrote: >> Hello freebsd-ipfw, >> >> I'm not using keep-state and yet ssh'ing into my FreeBSD 4.8-STABLE >> box does'nt happen every attempt, more like 1 attempt in every 15! >> Incoming ssh connection work fine when firewall is disabled. >> >> My ips obviously changed. This is my rc.firewall script. >> >> Greatly appreciate some guidance, i've read some docs, but am missing >> something. MS> Is this a firewall-router, or are you trying to protect the box itself? MS> (In other words, is $myip an address on this box?) There is no firewall-router in-between. $myip is an address on the box itself. MS> The ruleset could use some refactoring -- that's the polite word -- but MS> the direction depends on the answer to my question above. Fine. What would you change or refactor and why? If it should be ripped apart, can you please explain which bits and why? >> #!/bin/sh >> >> fwcmd="/sbin/ipfw" >> myip="11.11.203.114" MS> Uh, Darren, some burly guys with shaved heads and no necks are MS> going to be knocking on your door any minute now if you use that MS> address. MS> They were humorless before 9/11, think of how much fun they are now. Greatly appreciate your concern, however as I pointed out above, I changed the IP address for just this reason :-) -- Best regards, Darren mailto:darren@dazdaz.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2384322.20030726115350>