ipfirewall(4)) cannot be changed

From: Santos (sansan_at_cas.port995.com)
Date: 05/25/03

    Date: Sun, 25 May 2003 07:57:43 +0100
    To: freebsd-security@freebsd.org
    
    

    root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5

    3 Network secure mode - same as highly secure mode, plus IP packet
         filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
         dummynet(4) configuration cannot be adjusted.

    root@vigilante /root cuaa1# sysctl -a |grep secure
    kern.securelevel: 3

    root@vigilante /root cuaa1# ipfw show
    00100 0 0 allow ip from any to any via lo0
    00200 0 0 deny ip from any to 127.0.0.0/8
    00300 0 0 deny ip from 127.0.0.0/8 to any
    65535 44 3648 deny ip from any to any

    root@vigilante /root cuaa1# ping 216.136.204.21
    PING 216.136.204.21 (216.136.204.21): 56 data bytes
    ping: sendto: Permission denied
    ping: sendto: Permission denied
    ^C
    --- 216.136.204.21 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss

    root@vigilante /root cuaa1# telnet 216.136.204.21 80
    Trying 216.136.204.21...
    telnet: connect to address 216.136.204.21: Permission denied
    telnet: Unable to connect to remote host

    root@vigilante /root cuaa1# sysctl net.inet.ip.fw.enable=0
    net.inet.ip.fw.enable: 1 -> 0

    root@vigilante /root cuaa1# ping 216.136.204.21

    PING 216.136.204.21 (216.136.204.21): 56 data bytes
    64 bytes from 216.136.204.21: icmp_seq=0 ttl=50 time=338.878 ms
    64 bytes from 216.136.204.21: icmp_seq=1 ttl=50 time=346.135 ms
    ^C
    --- 216.136.204.21 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 338.878/342.506/346.135/3.629 ms

    root@vigilante /root cuaa1# telnet 216.136.204.21 80
    Trying 216.136.204.21...
    Connected to freefall.freebsd.org.
    Escape character is '^]'.
    quit
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>501 Method Not Implemented</TITLE>
    </HEAD><BODY>
    <H1>Method Not Implemented</H1>
    quit to /index.html not supported.<P>
    Invalid method in request quit / HTTP/1.1<P>
    </BODY></HTML>
    Connection closed by foreign host.

    Santos
