Date:      Tue, 25 Apr 2006 11:19:07 -0600
From:      Aaron Siegel <bulk_mail@siegel-tech.net>
To:        questions@freebsd.org
Subject:   ipfilter rule will not load
Message-ID:  <200604251119.07640.bulk_mail@siegel-tech.net>

Hello
I cannot get ipfilter to load any rules. When I type in the ipftest command I
receive the following output:
<root@hal># ipftest
no rules loaded

I used the example found in the /usr/share/examples directory, but I am unable to
load the firewall. I have tried to load the file through

# ipf -Fa -f /etc/ipf.rules

I have posted my configuration below.

Thank you
Aaron




Kernel
#IPFILTER
options         IPFILTER
options         IPFILTER_LOG
#options                IPFILTER_DEFAULT_BLOCK

/etc/rc.conf
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Dsn"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"


/etc/syslog.conf
security.*                                      /var/log/ipfilter.log
security.info                                   /var/log/firewall.info
security.notice                                 /var/log/firewall.notice
security.warning                                /var/log/firewall.warning
security.err                                    /var/log/firewall.err
 
/etc/ipf.rules (small excerpt)
# Allow in standard www function because I have apache server
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state

# Allow access to the zope server 8080
pass in quick on dc0 proto tcp from any to any port = 8080 flags S keep state
pass in quick on dc0 proto udp from any to any port = 8080 keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public Internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
#pass in quick on dc0 proto udp from any to any port = 23 keep state


# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
pass in quick on dc0 proto udp from any to any port = 22 keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a "denial of service" attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all
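
An added example, not from the original post and not IPFilter's own code: a small Python checker for the subset of ipf rule grammar used in the excerpt above. It reports the first word in a rule that ipf would not recognise, the kind of typo that produces a parse error instead of a loaded rule set. The sample rules, including the misspelled keyword on line 3, are constructed for the example.

```python
# Added example (not IPFilter's own parser): a checker for the subset of ipf rule
# grammar used in the excerpt above; it reports the first word ipf would not accept.
ACTIONS, DIRS = {"pass", "block"}, {"in", "out"}
PROTOS = {"tcp", "udp", "icmp", "tcp/udp"}
PORT_OPS = {"=", "!=", "<", ">", "<=", ">="}
# keyword -> (number of arguments it consumes, allowed values for the first one)
KEYWORDS = {
    "log": (0, None), "first": (0, None), "quick": (0, None), "all": (0, None),
    "on": (1, None), "proto": (1, PROTOS), "from": (1, None), "to": (1, None),
    "port": (2, PORT_OPS), "flags": (1, None), "keep": (1, {"state", "frags"}),
}

def check_rule(line):
    """Return None if the rule parses, else a message naming the first problem."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ACTIONS or tok[1] not in DIRS:
        return "rule must start with 'pass' or 'block' followed by 'in' or 'out'"
    i = 2
    while i < len(tok):
        word = tok[i]
        if word not in KEYWORDS:
            return f"unexpected word {word!r} (word {i + 1})"
        nargs, allowed = KEYWORDS[word]
        args = tok[i + 1:i + 1 + nargs]
        if len(args) < nargs:
            return f"'{word}' is missing its argument"
        if allowed is not None and args[0] not in allowed:
            return f"bad value {args[0]!r} after '{word}'"
        i += 1 + nargs
    if "all" not in tok and not ("from" in tok and "to" in tok):
        return "rule needs 'from <src> to <dst>' or 'all'"
    return None

def lint_rules(text):
    """Check every non-blank, non-comment line; return [(lineno, problem), ...]."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' to end of line is a comment
        if line and (problem := check_rule(line)):
            problems.append((n, problem))
    return problems

# Constructed sample modelled on the excerpt in the post; line 3 carries a typo.
SAMPLE = """\
# www and ssh
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 porto udp from any to any port = 22 keep state
block in log first quick on dc0 all
"""
```

Calling lint_rules(SAMPLE) reports the single problem on line 3, and running a real rules file through it before ipf -f gives a quick hint about which word tripped the parser.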



