Re: IPFW Problems?
- From: "R. B. Riddick" <arne_woerner@xxxxxxxxx>
- Date: Mon, 17 Apr 2006 17:45:28 -0700 (PDT)
--- Noah Silverman <noah@xxxxxxxxxxxxxxx> wrote:
> Take the following rules:
>
> ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
> ipfw add 00299 deny log all from any to any out via bge0
> ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
> ipfw add 00499 deny log all from any to any in via bge0

I think rule 430 needs a keep-state, because you do not have a rule that allows
out-going ssh packets for established tcp connections.
In addition to the before-mentioned "check-state" in the beginning you would need
a "keep-state" in rule 430...

> When I install this firewall configuration, I'm locked out of the
> box. An inspection of the logs shows that rule 499 is being
> triggered by an attempted incoming connection.

Hmm... That's strange... What about rule 299? There should be something about
rule 299 in the logs... Maybe I am wrong...

-Arne
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"