Re: ssh and ipfw

From: Bart Matthaei (bart@dreamflow.nl)
Date: 02/26/02


Date: Tue, 26 Feb 2002 12:33:11 +0100
From: Bart Matthaei <bart@dreamflow.nl>
To: "Adam@junik.lv" <adam@junik.lv>


On Tue, Feb 26, 2002 at 01:28:19PM +0200, Adam@junik.lv wrote:
> I'm using ipfw on two machines, both running FreeBSD 4.5 RELEASE.
> At both machines the following rules apply:
> ipfw add pass tcp from A to B 22
> ipfw add pass tcp from B to A 22
> A and B being the respective IP addresses of the machines!

You want to allow established connections:

ipfw add pass tcp from any to any established

HTH.

Bart

-- 
Bart Matthaei                 bart@dreamflow.nl 
Kiss me twice.  I'm schizophrenic.
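
Added example, not part of the original message: a small Python model of the pass rules quoted above, showing that B's reply leaves source port 22 for A's ephemeral port and so matches neither original rule, and what the "established" rule changes. The addresses, port 40000, the default-deny policy and the narrower per-host variant are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

A, B, OTHER = "192.0.2.1", "192.0.2.2", "192.0.2.99"  # constructed addresses

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

@dataclass(frozen=True)
class Rule:  # models "pass tcp from SRC [SPORT] to DST [DPORT] [established]"
    src: str = "any"
    dst: str = "any"
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Pkt) -> bool:
        if self.src not in ("any", p.src) or self.dst not in ("any", p.dst):
            return False
        if self.sport not in (None, p.sport) or self.dport not in (None, p.dport):
            return False
        # ipfw "established" matches TCP packets with the RST or ACK bit set
        return not self.established or bool(p.flags & {"ACK", "RST"})

def verdict(rules, p):
    # Every rule modelled here is "pass"; assumes the default rule is deny
    return "pass" if any(r.matches(p) for r in rules) else "deny"

# Constructed packets: A opens an SSH connection to B from port 40000
SYN = Pkt(A, 40000, B, 22, frozenset({"SYN"}))
SYN_ACK = Pkt(B, 22, A, 40000, frozenset({"SYN", "ACK"}))
ACK = Pkt(A, 40000, B, 22, frozenset({"ACK"}))
UNRELATED = Pkt(OTHER, 40000, A, 80, frozenset({"ACK"}))  # outside the A/B pair

ORIGINAL = [Rule(src=A, dst=B, dport=22), Rule(src=B, dst=A, dport=22)]
WITH_ESTABLISHED = ORIGINAL + [Rule(established=True)]
# Hypothetical narrower form: pass tcp from B 22 to A established (and the reverse)
NARROW = ORIGINAL + [Rule(src=B, sport=22, dst=A, established=True),
                     Rule(src=A, sport=22, dst=B, established=True)]

def handshake(rules):
    return [verdict(rules, p) for p in (SYN, SYN_ACK, ACK)]

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("established", WITH_ESTABLISHED), ("narrow", NARROW)):
        print(name, handshake(rs), "unrelated:", verdict(rs, UNRELATED))
```

The any-to-any rule is a flag match rather than connection tracking, so its scope is every host; the narrower variant keeps the same fix limited to port 22 traffic between A and B.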
