Re: FW: monitor ALL connections to ALL ports

From: Krzysztof Zaraska (kzaraska@student.uci.agh.edu.pl)
Date: 10/15/02

• Next message: Maildrop: "RE: FW: monitor ALL connections to ALL ports"
• Previous message: Benjamin Krueger: "Re: access() is a security hole?"
• In reply to: Mike Hoskins: "Re: FW: monitor ALL connections to ALL ports"
• Next in thread: Maildrop: "RE: FW: monitor ALL connections to ALL ports"
• Reply: Maildrop: "RE: FW: monitor ALL connections to ALL ports"
• Reply: Steve Reid: "Re: FW: monitor ALL connections to ALL ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 15 Oct 2002 17:57:14 +0200
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: Mike Hoskins <mike@adept.org>, "Maildrop" <maildrop@qwest.net>

On Mon, 14 Oct 2002 14:58:50 -0700 (PDT)
Mike Hoskins <mike@adept.org> wrote:

> > I put these rule in:
> > ipfw add count log all from any to any
>
> Is this rule before the other allow rules in your chain? Since the rule
> chain is parsed on a first-match basis, you'll either need this rule
> before all others or you'll need to add log entires to each of your
> other rules.

There's another problem I can see here: this setup will generate a log
entry on EVERY packet, what is clearly an overkill. I think it would be
more useful to log only opening of the connection; this can be
accomplished using for example a 'setup' keyword, e.g.:

# Allow access to our WWW
${fwcmd} add pass log tcp from any to ${oip} 80 setup

-- 
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//		-- Stanislaw Lem
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Maildrop: "RE: FW: monitor ALL connections to ALL ports"
• Previous message: Benjamin Krueger: "Re: access() is a security hole?"
• In reply to: Mike Hoskins: "Re: FW: monitor ALL connections to ALL ports"
• Next in thread: Maildrop: "RE: FW: monitor ALL connections to ALL ports"
• Reply: Maildrop: "RE: FW: monitor ALL connections to ALL ports"
• Reply: Steve Reid: "Re: FW: monitor ALL connections to ALL ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages DNAT packets not getting to FORWARD chain ... Anyway, its a simple setup (the smoothwalls, fyi are a red hat flavour ... kernel 2.4.26, iptables v1.2.8) ... The chain policy count is zero, as are the counts for all rules in the ... packets supposedly been readdressed to 192.168.1.40 (an address I can ping ... (comp.os.linux.networking) Re: 52-42-24 triple crank w/ 12-23 9 sp cassette ... triple setup now. ... Would I be able to keep the chain long enough so that it'll still go ... Manufacturer's listed capacities and recommended ... you can get nearly the same top gear with a 48/11 (say ... (rec.bicycles.tech) Re: Eliminating the .local from node name ... I setup my mac with a node name of "brakes". ... I setup LPD service on a different node callled "chain". ... The ".local" isn't seen by CHAIN when it comes to NFS stuff. ... (comp.sys.mac.system) Re: Campy Help Please ... Can I get away with a short derailer with this setup? ... I've got a Veloce CT crank with an 11-25 cassette, ... Does anyone run a Shimano 10spd chain on their Campy kit? ... (rec.bicycles.tech) Re: ipfw and ssh ... You neglected to include the 'add' in your first fwcmd. ... # Allow setup of incoming ssh ... Since the rest of it should be taken care of by the rest of the 'client' ipfw ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-10