Re: ipf stopped working on 5.3

From: Darren Reed (avalon_at_caligula.anu.edu.au)
Date: 10/27/05

    To: ray@redshift.com
    Date: Fri, 28 Oct 2005 00:30:56 +1000 (Australia/ACT)
    
    

    In some mail from ray@redshift.com, sie said:
    >
    > At 01:12 PM 10/26/2005 -0400, John Fitzgerald wrote:
    > | Another strange symptom is that if I ipf -D and then ipf -E -f
    > | /etc/ipf.rules, my terminal (I'm remote) will freeze and I'll be forced to
    > | power cycle the server, after which time it will come back up (with no rules
    > | running). I'm assuming that after the ipf -E -f /etc/ipf.rules somehow the
    > | firewall stops all traffic since apache won't respond to web requests
    > | either.
    > |
    > | As a side note, I did put the sshd server listening on an obscure port so it
    > | should take awhile for the bots to find it. The ipf.rules I left at 22 as a
    > | testament to it not working. However this obviously isn't a permanent
    > | solution as I should be able to get ipf working.
    >
    > after you make changes to ipf.rules, you should restart ipf like this:
    >
    > ipf -F a && ipf -f /etc/ipf.rules

    Many do it like this:

    # test new rules for 30 seconds
    ipf -If /etc/ipf.rules -s && sleep 30 && ipf -s

    The '-I' tells ipf to load /etc/ipf.rules into the "inactive set"
    of rules and '-s' says to switch the active set.

    You can flush inactive rules too:
    ipf -iFa

    and dump them out:
    ipfstat -Iio

    (IPFilter pioneered this idea)

    Darren
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
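As an added example (not code from Darren's post or from IPFilter itself), here is a POSIX shell wrapper around the inactive-set trick above for the remote-lockout case John describes: it loads the new rules into the inactive set, swaps it in, and swaps back on its own unless the operator confirms within the timeout. The path to ipf is a parameter so the logic can be exercised against a stub; /sbin/ipf is assumed as the default.

```shell
#!/bin/sh
# Added example, not code from the list post or from IPFilter.
# Trial-load an IPFilter rule set: load it into the inactive set (-I),
# swap sets (-s), and swap back automatically unless the change is
# confirmed before the timeout expires.  Because the swap is atomic
# there is no moment with an empty rule set, unlike "ipf -F a && ipf -f".
# The ipf binary is a parameter so this can be run against a stub;
# /sbin/ipf is assumed as the default.

# ipf_trial_load RULES TIMEOUT [IPF]
# On success sets IPF_TRIAL_PID to the pid of the revert timer.
ipf_trial_load() {
    rules=$1
    timeout=$2
    ipf=${3:-/sbin/ipf}
    [ -r "$rules" ] || { echo "rules file not readable: $rules" >&2; return 1; }
    "$ipf" -I -F a        || return 1   # empty the inactive set first
    "$ipf" -I -f "$rules" || return 1   # parse and load the new rules there
    "$ipf" -s             || return 1   # make the new set the active one
    # Revert timer: if nobody confirms in time, swap back to the old set.
    ( sleep "$timeout" && "$ipf" -s ) &
    IPF_TRIAL_PID=$!
}

# ipf_confirm TIMER_PID
# Keep the new set by cancelling the revert timer; run this once you
# have verified that the ssh session still works after the swap.
ipf_confirm() {
    kill "$1" 2>/dev/null
}
```

Run `ipf_trial_load /etc/ipf.rules 30` from the remote session, then `ipf_confirm "$IPF_TRIAL_PID"` once you are sure you are not locked out; if the session froze instead, the old set comes back after 30 seconds.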

