Date:      Mon, 17 Apr 2006 14:22:59 -0700
From:      Noah Silverman <noah@allresearch.com>
To:        freebsd-security@freebsd.org
Subject:   IPFW Problems
Message-ID:  <9C1A3A84-BB1E-41E8-8BB4-5BEAEA54B499@allresearch.com>

Hi,

I have a system with a 4.11 Kernel.  Unless I'm doing something very  
wrong, there seems to be something odd with ipfw.

Take the following rules:

ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
ipfw add 00499 deny log all from any to any in via bge0

In theory, this should allow in SSH and nothing else.

When I install this firewall configuration, I'm locked out of the  
box.  An inspection of the logs shows that rule 499 is being  
triggered by an attempted incoming connection.

Can anybody help?

Also, would it be better to upgrade to ipfw2??  If so, how do I do that?

Thanks,

-N
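Added example, not part of the mail above and not a reply from the list: a small sh wrapper that loads the poster's four rules over a remote session with a rollback timer, so a ruleset that blocks the session (the lockout described in the mail) undoes itself instead of leaving the box unreachable. The four rules, the interface bge0 and the rule numbers are taken from the post; the ipfw path, the 120 second grace period, the pid file location and the "apply"/"confirm" sub-commands are assumptions made for this script.

```shell
#!/bin/sh
# Load an ipfw ruleset from a remote session with an automatic rollback.
# Usage (assumed interface, not from the mail):
#   ./ipfw-safe-load.sh apply     # start the timer, then install the rules
#   ./ipfw-safe-load.sh confirm   # run within GRACE seconds if you still have access
# IPFW, GRACE and TIMER_PID_FILE can be overridden from the environment.
IPFW="${IPFW:-/sbin/ipfw}"                           # assumed binary path
GRACE="${GRACE:-120}"                                # seconds until rollback
TIMER_PID_FILE="${TIMER_PID_FILE:-/tmp/ipfw-rollback.pid}"  # assumed location

# The four rules from the post, one per line (constructed from the mail text).
ruleset() {
    cat <<'EOF'
add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
add 00299 deny log all from any to any out via bge0
add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
add 00499 deny log all from any to any in via bge0
EOF
}

# Fallback state: remove every rule except the default one, then pass all
# traffic. This is deliberately wide open; it is what you roll back to when
# nobody confirms the new rules in time.
open_firewall() {
    "$IPFW" -q flush
    "$IPFW" -q add 65000 allow ip from any to any
}

# Install the ruleset one rule at a time; prints the number of rules loaded.
load_ruleset() {
    n=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # shellcheck disable=SC2086  # splitting the rule into words is intended
        "$IPFW" -q $rule || return 1
        n=$((n + 1))
    done <<EOF
$(ruleset)
EOF
    echo "$n"
}

# Start a detached timer that reopens the firewall after GRACE seconds unless
# confirm_ruleset kills it first. The pid is kept in a file so a later
# invocation of the script (from a new login) can cancel it.
schedule_rollback() {
    ( sleep "$GRACE" && open_firewall ) &
    echo $! > "$TIMER_PID_FILE"
}

# You can still log in, so keep the rules: cancel the pending rollback.
confirm_ruleset() {
    [ -f "$TIMER_PID_FILE" ] || return 1
    kill "$(cat "$TIMER_PID_FILE")" 2>/dev/null || return 1
    rm -f "$TIMER_PID_FILE"
}

case "${1:-}" in
    apply)
        schedule_rollback
        count=$(load_ruleset) || { open_firewall; exit 1; }
        echo "loaded $count rules; run '$0 confirm' within $GRACE seconds"
        ;;
    confirm)
        confirm_ruleset && echo "ruleset confirmed, rollback cancelled"
        ;;
esac
```

The timer is started before the rules go in, so a rule that cuts the session (as rule 499 did for the poster) still gets undone; only a second login that reaches the confirm step keeps the new set. While the grace period runs, the `deny log` rules can be checked against the system log to see which rule is catching the connection before the ruleset is made permanent.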
