To: "Adam@junik.lv"
Subject: Re: ssh and ipfw
Date: Tue, 26 Feb 2002 13:43:22 +0200
Message-ID: <01bf01c1beba$cbd0d560$8501a8c0@bis.lv>
References: <003101c1beb8$b196e240$06cdb6d5@junik.lv>
Sender: owner-freebsd-security@FreeBSD.ORG

----- Original Message -----

I'm using ipfw on two machines, both running FreeBSD 4.5 RELEASE.
At both machines the following rules apply:

    ipfw add pass tcp from A to B 22
    ipfw add pass tcp from B to A 22

A and B being the respective IP addresses of the machines!

When you establish a connection from A -> B 22, the first rule allows
access; then B 22 answers -> A and ipfw blocks this connection.

In /etc/sh.firewall there is a good example of how to set up a firewall.

You must add rules:

IP A

    # pass packets that belong to an already established TCP connection
    ${fwcmd} add allow tcp from any to any established
    # pass the initial SYN of an SSH connection from A to B
    ${fwcmd} add allow tcp from A to B 22 setup

IP B

    # pass packets that belong to an already established TCP connection
    ${fwcmd} add allow tcp from any to any established
    # pass the initial SYN of an SSH connection from B to A
    ${fwcmd} add allow tcp from B to A 22 setup
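
Added example, not part of the original message: a small Python model of ipfw first-match filtering on host A, showing why the SYN+ACK from B port 22 is denied under the two rules in the question and passed once the established/setup rules from the reply are used. The client port 49152, the flag strings and the final default deny rule are assumptions of the model.

```python
# Added illustration: a tiny model of ipfw first-match filtering on host A.
# Assumptions: hosts are the placeholders "A"/"B", the client port 49152 is
# constructed, and the ruleset ends in the default deny rule.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: "S", "SA", "A"
Rule = namedtuple("Rule", "src dst dport option")           # dport/option may be None

def option_matches(option, flags):
    if option == "setup":            # SYN set, ACK clear
        return "S" in flags and "A" not in flags
    if option == "established":      # ACK or RST set
        return "A" in flags or "R" in flags
    return option is None            # rule without a TCP option

def rule_matches(rule, pkt):
    return (rule.src in ("any", pkt.src) and rule.dst in ("any", pkt.dst)
            and rule.dport in (None, pkt.dport)
            and option_matches(rule.option, pkt.flags))

def verdict(rules, pkt):
    """Pass on the first matching allow rule, otherwise fall to default deny."""
    return "pass" if any(rule_matches(r, pkt) for r in rules) else "deny"

# Rules from the question: only packets whose destination port is 22 match.
ORIGINAL = [Rule("A", "B", 22, None), Rule("B", "A", 22, None)]
# Rules from the reply for host A: established traffic plus the outgoing SYN.
REPLY_A = [Rule("any", "any", None, "established"), Rule("A", "B", 22, "setup")]

# SSH handshake opened from A (constructed packets).
HANDSHAKE = [
    Packet("A", 49152, "B", 22, "S"),    # SYN
    Packet("B", 22, "A", 49152, "SA"),   # SYN+ACK: destination port is 49152
    Packet("A", 49152, "B", 22, "A"),    # ACK
]

def handshake_verdicts(rules):
    return [verdict(rules, p) for p in HANDSHAKE]

if __name__ == "__main__":
    print("original:", handshake_verdicts(ORIGINAL))
    print("reply   :", handshake_verdicts(REPLY_A))
```

Each host filters independently, so B's ruleset must likewise pass the initial SYN to port 22 and the established replies for the session to complete.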