Date: Tue, 25 Jan 2000 21:23:23 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: keramida@ceid.upatras.gr
Cc: current@FreeBSD.ORG
Subject: Re: ipfilter and ipfstat
Message-ID: <Pine.BSF.4.21.0001252121590.55762-100000@hub.freebsd.org>
In-Reply-To: <20000125051418.A62880@charon.hell.gr>

On Tue, 25 Jan 2000, the Webslave wrote:

> > Okay, so I finally decided to take the plunge and check out ipfilter. ipf
> > seemed to load my ruleset with no problems, but ipfstat dies with:
> >
> > ioctl(SIOCGETFS): Invalid argument
>
> And what would that ruleset be?
>

# Default to deny
block in log on tun0 from any to any

# Block unroutables
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 10.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any

# Allow us to initiate any outgoing connections
pass out quick on tun0 proto tcp/udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Allow incoming trojans
pass in quick on tun0 proto tcp from any to any port = 12345 flags S keep state keep frags
pass in quick on tun0 proto udp from any to any port = 31337 keep state

# Allow loopback
pass out quick on lo0
pass in quick on lo0

Note that I haven't been able to test this ruleset for legitimacy yet
because I can't interface with ipfstat :-)

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message