Date: Fri, 3 Sep 2021 20:24:23 +0200
From: Tomasz CEDRO <tomek@cedro.info>
To: Christoph Harder <shadowomf@arcor.de>
Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject: Re: ipfw and ftpd
Message-ID: <CAM8r67DqDF4eHSeddWypbriMxzbg=jeR83_rROUFUT9o=-MuCg@mail.gmail.com>
In-Reply-To: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de>
References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de>

On Fri, Sep 3, 2021 at 7:05 PM Christoph Harder wrote:
> I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw.
> Currently I'm trying to get ftpd working for the local network, but when ipfw is enabled it's not working.
> It works without any problems when ipfw is not running. The client is a FileZilla Client on a Windows machine in localnetwork0.
>
> My ipfw.rules file looks like below. I've removed the pass rules for other services, but I didn't delete any of the deny rules.

Have you tried this generic approach using /etc/rc.conf?

firewall_enable="YES"
firewall_type="workstation"
firewall_myservices="20/tcp 21/tcp"
firewall_allowservices="10.55.0.0/16"

Take a look at /etc/rc.firewall source code, comments will explain
everything, there is a 'firewall_logdeny' that enables logging dropped
packets :-)

[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
        # Configuration:
        #  firewall_myservices:         List of ports/protocols on which this
        #                               host offers services.
        #  firewall_allowservices:      List of IPv4 and/or IPv6 addresses
        #                               that have access to
        #                               $firewall_myservices.
        #  firewall_trusted:            List of IPv4 and/or IPv6 addresses
        #                               that have full access to this host.
        #                               Be very careful when setting this.
        #                               This option can seriously degrade
        #                               the level of protection provided by
        #                               the firewall.
        #  firewall_logdeny:            Boolean (YES/NO) specifying if the
        #                               default denied packets should be
        #                               logged (in /var/log/security).
        #  firewall_nologports:         List of TCP/UDP ports for which
        #                               denied incoming packets are not
        #                               logged.

-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
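
Added example, not part of the original message or of rc.firewall: with firewall_logdeny="YES" the default-denied packets land in /var/log/security, and this script tallies denied inbound TCP/UDP packets per source address and destination port, so you can see which ports a client in firewall_allowservices is still being refused on. The function names are hypothetical, the sample lines are constructed, and the assumed line layout is ipfw's usual "ipfw: RULE ACTION PROTO SRC:PORT DST:PORT in|out via IFACE" for IPv4.

```shell
#!/bin/sh
# Added example: summarise ipfw "Deny" log lines by source and destination port.

# Constructed sample of /var/log/security content (not from the thread).
sample_log() {
cat <<'EOF'
Sep  3 19:10:01 host kernel: ipfw: 65500 Deny TCP 10.55.1.20:50123 10.55.0.1:49876 in via em0
Sep  3 19:10:04 host kernel: ipfw: 65500 Deny TCP 10.55.1.20:50123 10.55.0.1:49876 in via em0
Sep  3 19:10:09 host kernel: ipfw: 65500 Deny TCP 10.55.1.20:50130 10.55.0.1:51002 in via em0
Sep  3 19:11:30 host kernel: ipfw: 65500 Deny UDP 192.0.2.7:5353 10.55.0.1:5353 in via em0
Sep  3 19:12:00 host kernel: ipfw: 400 Accept TCP 10.55.1.20:50100 10.55.0.1:21 in via em0
EOF
}

# Reads log lines on stdin; prints "COUNT PROTO SRC dport=PORT", busiest first.
denied_summary() {
    awk '
    {
        # Locate the "ipfw:" tag; syslog prefixes vary in field count.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF) next                      # not an ipfw line
        if ($(i + 2) != "Deny") next          # only denied packets
        proto = $(i + 3)
        if (proto != "TCP" && proto != "UDP") next
        if ($(i + 6) != "in") next            # only inbound traffic
        src = $(i + 4)
        sub(/:[0-9]+$/, "", src)              # source port is ephemeral, drop it
        n = split($(i + 5), d, ":")           # destination port is the last part
        count[proto " " src " dport=" d[n]]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | denied_summary
```

On a live host, feed it the real log instead of the sample: denied_summary < /var/log/security.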