Date: Fri, 14 Dec 2001 10:53:46 +0100 (CET)
From: Fabrizio Ravazzini <freefabri@yahoo.it>
To: john@day-light.com
Cc: freebsd-isp@freebsd.org
Subject: RE: Ipf & Bridging ???
Message-ID: <20011214095346.81911.qmail@web20108.mail.yahoo.com>
In-Reply-To: <000901c183fb$9108fd80$1505010a@daylight.net>

Thanks again for the help. So, I tried with only that rule to see if the firewall blocks everything, then I'll make all the other rules.

The rl0 is on the outside, connected to the router. I'll try with the commands you gave me, but I've also read this: in the FreeBSD section of the IPF FAQ (http://coombs.anu.edu.au/ipfilter/faq/IPFfreebsd.html#1) it's written that ipf & bridging is not enabled in FreeBSD, aargggggh, is that right? Did you ever use ipf & bridging? I think I must switch to ipfw, argg. What do you think?

Thanks, bye

--- John Brooks <john@day-light.com> wrote:
> Some items to check
>
> Are you positive that rl0 is on the internet side?
> Is that your entire ruleset? it would help to see all the rules and
> their order
> Did you also flush out the state table? there may be previously allowed
> connections bypassing the new rules - run:
>     ipf -FS
>
> What does /var/log/ipflog show? (assuming default location)
> Add the keyword "log" to all rules then run:
>     ipf -Fa -f /path/to/rules/ipf.rules -E
>     tail -f /path/to/logfile/ipflog
> You should be able to see each new log entry as it occurs
>
> Run:
>     dmesg | grep "IP Filter"    (you should get a response)
>
> Run:
>     ipfstat -hion    (shows activity per rule)
>
> Run:
>     ifconfig -a    (confirm your nics)
>
> Is this a new box?
> Is this box currently in use?
> Have you ever had ipf running on this box before?
> So many questions...
>
> --
> John Brooks
> Email: john@stlbsd.org
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Thursday, December 13, 2001 10:48 AM
> To: john@day-light.com
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Ipf & Bridging ???
>
> hello thanks for the help, ipf is installed in the kernel i compiled,
>     options IPFILTER
>     options IPFILTER_LOG
>
> There's also the ipfiletr_enable="YES" in my rc.conf
>
> in /etc/ipf.rules:
>     pass in all
>     pass out all
>     block in quick on rl0 from any to any
>
> then if I type:
>     ipf -Fa -f /path/to/rules/ipf.rules -E
> I have the output:
>     IP Filter:already initialized
>     IP Filter:already initialized
>
> But there is still the problem, can you help me?