Re: ipfw dynamic entries I don't understand.
From: Crist J. Clark (cristjc@earthlink.net)
Date: 10/30/01
- In reply to: Peter Haight: "ipfw dynamic entries I don't understand."
Date: Mon, 29 Oct 2001 15:31:41 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Peter Haight <peterh@sapros.com>

On Sun, Oct 28, 2001 at 01:05:40PM -0800, Peter Haight wrote:
>
> Someone was portscanning my machine the other day. I have an ipfw setup with
> some dynamic rules and the guy doing the portscanner managed to get some of
> his connections to start as a dynamic rule. I had thought I had it set up so
> that only tcp connections originating from the server would start a
> dynamic rule. I'm using a set of rules which I grew from the 'simple'
> firewall rules (with NAT). This eventually filled up the dynamic rule table
> so that I couldn't make any more connections. Is there some way to fix this?
There is really no way to see what is going on without the _complete_
firewall ruleset.
--
Crist J. Clark
cjclark@alum.mit.edu