Date:      Tue, 22 Oct 2002 11:24:16 +0300
From:      "Toomas Aas" <toomas.aas@raad.tartu.ee>
To:        questions@freebsd.org
Subject:   IPFilter and Apache
Message-ID:  <200210220825.g9M8P1214785@lv.raad.tartu.ee>

Hello!

I tried searching freebsd and ipfilter mailing list archives, but 
didn't find the answer to my question.

I'm running Apache 1.3.27 web server on FreeBSD 4.6.1-RELEASE-p10 (all 
security patches applied). I also use IPFilter on this machine to block 
unwanted traffic.

To let the world see my web, I use this IPFilter rule in the ruleset:

pass in quick on fxp0 proto tcp from any to 194.126.106.98 port = 80
flags S keep state keep frags

Everything seems to be working OK and I haven't heard any complaints 
about the web server being unreachable, but still I see a lot of 
blocked traffic on port 80. For example:

... most commonly, incoming packets with AF flags ...
Oct 17 17:22:53 heerold ipmon[51]: 17:22:52.119983 2x fxp0 @0:22 b
195.250.169.22,1070 -> 194.126.106.98,80 PR tcp len 20 40 -AF IN

... sometimes incoming packets with R flag ...
Oct 17 18:10:11 heerold ipmon[51]: 18:10:11.223164 fxp0 @0:22 b
195.250.169.22,1064 -> 194.126.106.98,80 PR tcp len 20 40 -R IN

... and occasionally even outgoing packets! ...
Oct 18 08:38:05 heerold ipmon[51]: 08:38:05.086333 fxp0 @0:32 b
194.126.106.98,80 -> 213.219.109.38,62481 PR tcp len 20 44 -AS OUT

The goal of my ruleset is, of course, to let through the minimum needed 
for Apache to work correctly and block the bogus packets even if they 
are destined for port 80. However, the amount of blocked packets leads 
me to think that the ruleset might be too strict.

What would be the correct things to let through on port 80 for Apache 
to work correctly?
--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* Radioactive cats have 18 half-lives.
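The ipmon lines quoted in the mail, parsed and grouped by direction and TCP flags, as an added example that is not part of the original message. It assumes the ipmon field order shown in those lines, and the causes it lists are the typical reasons a segment falls outside a live "flags S keep state" entry (late FIN/ACK, late RST, a SYN/ACK retransmitted after the state entry expired).

```python
import re
from collections import Counter
# Assumed ipmon field order, modelled on the lines quoted in the mail.
IPMON_RE = re.compile(
    r"^(?P<date>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) ipmon\[\d+\]: "
    r"(?P<time>\d\d:\d\d:\d\d\.\d+) (?:(?P<repeat>\d+)x )?(?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[bpn]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: -(?P<flags>[A-Z]+))? (?P<dir>IN|OUT)$"
)

# "flags S keep state" only admits a flow whose SYN the filter saw; a segment
# that arrives with no live state entry falls through to the block rules.
LIKELY_CAUSE = {
    ("IN", "AF"): "late FIN/ACK after the state entry was torn down or timed out",
    ("IN", "R"): "RST for a connection that is no longer in the state table",
    ("OUT", "AS"): "SYN/ACK retransmitted by Apache after the half-open state expired",
}

def parse_ipmon(line):
    """Parse one ipmon line into a dict of fields; None if it does not match."""
    m = IPMON_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["repeat"] = int(rec["repeat"] or 1)   # "2x" means ipmon collapsed 2 lines
    rec["flags"] = rec["flags"] or ""
    return rec

def summarize_blocked(lines, web_port="80"):
    """Count blocked TCP packets touching web_port per (direction, flags)."""
    counts = Counter()
    for line in lines:
        rec = parse_ipmon(line)
        if rec is None or rec["action"] != "b" or rec["proto"] != "tcp":
            continue
        if web_port in (rec["sport"], rec["dport"]):
            counts[(rec["dir"], rec["flags"])] += rec["repeat"]
    return counts

def explain(counts):
    """Map each blocked (direction, flags) pattern to its likely cause."""
    return {k: LIKELY_CAUSE.get(k, "unclassified") for k in counts}

# Constructed sample: the three log entries from the mail, re-joined on one line each.
SAMPLE = [
    "Oct 17 17:22:53 heerold ipmon[51]: 17:22:52.119983 2x fxp0 @0:22 b 195.250.169.22,1070 -> 194.126.106.98,80 PR tcp len 20 40 -AF IN",
    "Oct 17 18:10:11 heerold ipmon[51]: 18:10:11.223164 fxp0 @0:22 b 195.250.169.22,1064 -> 194.126.106.98,80 PR tcp len 20 40 -R IN",
    "Oct 18 08:38:05 heerold ipmon[51]: 08:38:05.086333 fxp0 @0:32 b 194.126.106.98,80 -> 213.219.109.38,62481 PR tcp len 20 44 -AS OUT",
]
```

Running `explain(summarize_blocked(SAMPLE))` over a real ipmon log separates these expected state-table leftovers from anything that does not fit the pattern and deserves a closer look.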
