Re: ipf stopped working on 5.3

ray_at_redshift.com
Date: 10/26/05

  • Next message: John Fitzgerald: "Re: ipf stopped working on 5.3" 
    Date: Wed, 26 Oct 2005 09:48:25 -0700
To: John Fitzgerald <jjfitzgerald@gmail.com>, freebsd-security@FreeBSD.org

    At 01:32 PM 10/25/2005 -0400, John Fitzgerald wrote:
    | I've had ipf working on a few 5.3 servers for quite awhile. Not too long ago
    | some developers had to do some coding work and were coming from dynamic
    | IP's. I (reluctantly) opened up SSH to the world. Immediately I started
    | seeing the attacks where bots of some sort would try to break in with a
    | variety of different users.
    |
    | So, I (thought) I closed it up again and told the developers to use a
    | dedicated proxy. They did, but I realized that I hadn't actually closed
    | things off. I was still getting attacked. I had tried, but ipf suddenly
    | wasn't working. Whenever I would change the firewall rules and ipf -D and
    | the ipf -E -f /etc/my.rules it would simply return:
    |
    | 1:ioctl(add/insert rule): No such process
    |
    | I didn't have the time to look into it at the time, but am now trying to
    | figure it out. Ipf is obviously not working and I don't know why. I have
    | tried recompiling the kernel a myriad of different ways. With/without ipfw,
    | with/without ipsec, etc. All to no avail. Is this a bug, did I get hacked?
    |
    | I have googled this quite a bit and the only thing that I found was possibly
    | a buildworld scenario where something got updated and it doesn't work now. I
    | didn't install src so I'm a bit out of luck on that one.
    |
    | FreeBSD 5.3-RELEASE
    | OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7d 17 Mar 2004
    |

    usually that means you are trying to run it without being root, or you have a
    rule that doesn't belong to a group/head.

    I ran into something else once that caused that, but now I can't remember it.
    Feel free to send your ipf.rules if it's not to sensitive.

    Ray

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: John Fitzgerald: "Re: ipf stopped working on 5.3"

    Relevant Pages

    • ipf stopped working on 5.3
      ... I've had ipf working on a few 5.3 servers for quite awhile. ... some developers had to do some coding work and were coming from dynamic ... Whenever I would change the firewall rules and ipf -D and ...
      (FreeBSD-Security)
    • Re: ipf stopped working on 5.3
      ... On Tue, 25 Oct 2005, John Fitzgerald wrote: ... I I closed it up again and told the developers to use a ... > dedicated proxy. ... I had tried, but ipf suddenly ...
      (FreeBSD-Security)
    • Security using ipf to block IPs run in cron
      ... I just finished a program that I run in cron every 15 minutes to add block ... rules to IPF for attacks in syslog. ...
      (comp.unix.sco.misc)
    • Re: ipf stopped working on 5.3
      ... Kernel: IP Filter: v3.4.35 ... > be added to the kernel config that was not needed previously. ... ipf stopped working on 5.3 ... > seeing the attacks where bots of some sort would try to break in with a ...
      (FreeBSD-Security)
    • Re: ipf stopped working on 5.3
      ... Kernel: IP Filter: v3.4.35 ... > be added to the kernel config that was not needed previously. ... ipf stopped working on 5.3 ... > seeing the attacks where bots of some sort would try to break in with a ...
      (FreeBSD-Security)