Date:      Fri, 24 Mar 2000 17:38:01 +0000
From:      Tim Bond <t.m.bond@durham.ac.uk>
To:        questions@freebsd.org
Subject:   Question on ipf behaviour
Message-ID:  <20000324173800.A1145@xira.demon.co.uk>

Hullo,

I would be grateful for advice on ipf, having read the ipf(8) manpage and the
IP Filter webpage at http://coombs.anu.edu.au/~avalon/ip-filter.html and not
found an answer to my problem. I've only just subscribed to this list, and
whilst I've tried to search the archives for anything pertinent I may have
missed a relevant thread.

I'm running FreeBSD 4.0-RELEASE on i386 architecture, ftp installed from
ftp2.uk.freebsd.org yesterday evening, and have added:

options         INET
pseudo-device   ether
device ed0 at isa? port 0x280 irq 10 iomem 0xd8000
options         IPFILTER

to my kernel configuration, wanting to operate IP Filter on an ethernet
interface with an NE2000 card. I compiled, installed, and booted to this
kernel, after which I verified that networking was functioning and had the
following output from netstat -i:

Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500  <Link#1>    **:**:**:**:**:**    63474     0     1955     0    28
ed0   1500  ***.***       *******.***.**.    63474     0     1955     0    28
ppp0* 1500  <Link#2>                             0     0        0     0     0
lo0   16384 <Link#3>                           510     0      510     0     0
lo0   16384 127           localhost            510     0      510     0     0

I then created a simple ruleset in ipf.rules as:

# cat /etc/ipf.rules
pass out all
pass in all
#

and loaded these rules into the inactive set with:

# ipf -I
# ipf -Fa -vf /etc/ipf.rules
[pass out all]
pass out from any to any
[pass in all]
pass in from any to any
#

Verifying that packets still passed in and out over ed0 unblocked (they did), I
changed rulesets with ipf -s and checked transport over ed0 again. According to
ipfstat, packets were going out fine but being blocked on the way back in.
Changing rulesets again with ipf -s, packets were no longer blocked.

This suggested to me that employing the ruleset in /etc/ipf.rules which stated
'pass in all' was having the effect I would expect from 'block in all'. Asking
around friends came up with no solutions, so I would be grateful if anyone
could point me in the direction of what I'm doing wrong. I'm aiming for a
simple ruleset to block all but a couple of privileged ports from all but a few
'trusted' hosts, but since the simplest ruleset seemed to work so badly in
apparent contradiction to documentation I'm not sure how to write a successful
ruleset.

Thanks in advance,

	Tim
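Editor's note: the example below is added here and is not code from the post or from IP Filter itself. It simulates ipf's rule-matching semantics (rules are tried in order, the last matching rule decides, a matching rule marked `quick` ends the search, and a packet that matches no rule is passed) over a small assumed subset of the ipf.rules grammar, so that a reader can see why the order of `pass in all` and `block in all` matters before loading a ruleset into the kernel. It does not reproduce the inactive/active set swap (`ipf -I`, `ipf -s`) that the post is asking about. The rulesets, interface names and addresses in it are constructed for illustration; the trusted hosts and ports are assumptions standing in for the ones the poster has in mind.

```python
"""Simulate IP Filter (ipf) rule matching over a small subset of the
ipf.rules grammar.  Added example, not code from the mailing-list post.

Subset assumed here: [pass|block] [in|out] [quick] [on IFACE] [proto P]
                     (all | from SRC to DST [port = N])
Semantics implemented: rules are tried in order; the LAST matching rule
decides, unless a matching rule carries 'quick', which ends the search
there.  A packet that matches no rule at all is passed (ipf's default)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4Net = ipaddress.IPv4Network


@dataclass
class Packet:
    direction: str            # "in" or "out"
    iface: str                # interface the packet crosses, e.g. "ed0"
    proto: str                # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass
class Rule:
    action: str               # "pass" or "block"
    direction: str
    quick: bool
    iface: Optional[str]      # None means any interface
    proto: Optional[str]
    src: Optional[IPv4Net]    # None means "any"
    dst: Optional[IPv4Net]
    dport: Optional[int]
    text: str


def _net(tok: str) -> Optional[IPv4Net]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    t = line.split()
    if len(t) < 3 or t[0] not in ("pass", "block") or t[1] not in ("in", "out"):
        raise ValueError(f"unsupported rule: {line!r}")
    i, quick, iface, proto, src, dst, dport = 2, False, None, None, None, None, None
    if t[i] == "quick":
        quick, i = True, i + 1
    if i < len(t) and t[i] == "on":
        iface, i = t[i + 1], i + 2
    if i < len(t) and t[i] == "proto":
        proto, i = t[i + 1], i + 2
    if i >= len(t):
        raise ValueError(f"unsupported rule: {line!r}")
    if t[i] == "all":
        i += 1
    elif t[i] == "from" and len(t) >= i + 4 and t[i + 2] == "to":
        src, dst, i = _net(t[i + 1]), _net(t[i + 3]), i + 4
        if i + 2 < len(t) and t[i] == "port" and t[i + 1] == "=":
            dport, i = int(t[i + 2]), i + 3
    if i != len(t):
        raise ValueError(f"unsupported rule: {line!r}")
    return Rule(t[0], t[1], quick, iface, proto, src, dst, dport, line)


def parse_ruleset(text: str) -> List[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if line:
            rules.append(parse_rule(line))
    return rules


def matches(r: Rule, p: Packet) -> bool:
    return (r.direction == p.direction
            and (r.iface is None or r.iface == p.iface)
            and (r.proto is None or r.proto == p.proto)
            and (r.src is None or ipaddress.ip_address(p.src) in r.src)
            and (r.dst is None or ipaddress.ip_address(p.dst) in r.dst)
            and (r.dport is None or r.dport == p.dport))


def decide(rules: List[Rule], p: Packet) -> str:
    """Return 'pass' or 'block' for p under ipf's last-match semantics."""
    verdict = "pass"                  # ipf passes packets that match no rule
    for r in rules:
        if matches(r, p):
            verdict = r.action
            if r.quick:               # 'quick': later rules are not consulted
                break
    return verdict


# The poster's two-line ruleset: every packet matches a 'pass' rule.
RULES_POST = "pass out all\npass in all\n"

# The same rules with 'block in all' appended: the LAST match wins, so the
# trailing block rule overrides 'pass in all' for every inbound packet.
RULES_LAST_WINS = "pass out all\npass in all\nblock in all\n"

# Constructed ruleset for the goal the post describes (a couple of privileged
# ports from a few trusted hosts).  Addresses are documentation ranges,
# chosen for this example; the poster's real hosts are not known.
RULES_GOAL = """
block in quick on ed0 from 203.0.113.0/24 to any    # untrusted net, decided at once
block in on ed0 all                                 # default for ed0: block inbound
pass in on ed0 proto tcp from 192.0.2.10 to any port = 22
pass in on ed0 proto tcp from 192.0.2.0/24 to any port = 25
pass in on ed0 proto tcp from any to any port = 80  # 'quick' above still wins for 203.0.113/24
pass out on ed0 all
"""


def verdict(ruleset: str, **pkt) -> str:
    """Convenience wrapper: parse a ruleset and decide one packet."""
    return decide(parse_ruleset(ruleset), Packet(**pkt))


if __name__ == "__main__":
    ssh_in = dict(direction="in", iface="ed0", proto="tcp",
                  src="192.0.2.11", dst="192.0.2.1", dport=22)
    for name, rs in (("post", RULES_POST), ("last-wins", RULES_LAST_WINS), ("goal", RULES_GOAL)):
        print(f"{name:10s} inbound ssh from 192.0.2.11 -> {verdict(rs, **ssh_in)}")
```

Two caveats this makes visible: a ruleset whose rules all name `on ed0` leaves packets on `ppp0` matching nothing, and ipf passes what matches nothing; and a `quick` rule placed early decides the packet even when a later `pass` rule would otherwise have matched it. The simulator is only a reading aid for the rule file; what the kernel actually did to a packet is what `ipfstat` reports.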


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000324173800.A1145>