Date:      Mon, 17 Apr 2006 17:45:28 -0700 (PDT)
From:      "R. B. Riddick" <arne_woerner@yahoo.com>
To:        Noah Silverman <noah@allresearch.com>, freebsd-security@freebsd.org
Subject:   Re: IPFW Problems?
Message-ID:  <20060418004528.84183.qmail@web30314.mail.mud.yahoo.com>
In-Reply-To: <71010EE4-5C3E-48D9-8634-3605CE86F8C5@allresearch.com>

--- Noah Silverman <noah@allresearch.com> wrote:
> Take the following rules:
> ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
> ipfw add 00299 deny log all from any to any out via bge0
> ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
> ipfw add 00499 deny log all from any to any in via bge0
> 
I think rule 430 needs a keep-state, because you do not have a rule that allows
outgoing ssh packets for established tcp connections.

In addition to the before-mentioned "check-state" in the beginning you would need
a "keep-state" in rule 430...

> When I install this firewall configuration, I'm locked out of the box.
> An inspection of the logs shows that rule 499 is being triggered by an
> attempted incoming connection.
> 
Hmm... That's strange... What about rule 299? There should be something about
rule 299 in the logs... Maybe I am wrong...


-Arne
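
The mechanism behind Arne's reply, as a small Python simulation added here; it is not code from this thread and not ipfw's matching engine. It is a deliberately simplified, constructed model: rules match only on destination port, direction and `setup`, `log` is ignored, `limit` is not modelled (real ipfw's `limit` also creates dynamic state, which this toy leaves out), the `check-state` rule number 200 is a hypothetical choice, and the addresses are constructed documentation addresses. What it shows is the point in the reply: the box's SYN-ACK answer to an inbound ssh connection is an outgoing packet, and with no state entry for that connection and no `check-state`, the only outgoing rule that can still match is the `deny` at 299; with `keep-state` on rule 430 and `check-state` up front, the answer is matched by the dynamic entry instead.

```python
"""Toy stateful packet filter modelling the ipfw rules in the thread.

Constructed, simplified model for illustration; it is not ipfw's engine.
Rules match only on destination port, direction and `setup`; `log` is
ignored and `limit` is not modelled (real ipfw's `limit` also creates
dynamic state). As ipfw(8) describes, the dynamic state table is probed at
a check-state rule and at a keep-state rule.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str           # "in" or "out"
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    dport: Optional[int] = None      # destination port, None = any
    direction: Optional[str] = None  # "in", "out" or None = any
    setup: bool = False              # only a SYN without ACK (new connection)
    keep_state: bool = False         # record the connection when the rule matches
    check_state: bool = False        # consult the state table only, no static match


def flow_key(p: Packet) -> frozenset:
    """Same key for both directions of one TCP connection."""
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})


class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)
        self.state = {}  # flow_key -> (action, number of the rule that created it)

    def _static_match(self, r: Rule, p: Packet) -> bool:
        if r.check_state:
            return False
        if r.dport is not None and p.dport != r.dport:
            return False
        if r.direction is not None and p.direction != r.direction:
            return False
        if r.setup and not (p.syn and not p.ack):
            return False
        return True

    def evaluate(self, p: Packet):
        """Return (action, rule number) of the rule that decides the packet."""
        for r in self.rules:
            if r.check_state or r.keep_state:
                hit = self.state.get(flow_key(p))
                if hit is not None:
                    return hit       # dynamic match: action of the creating rule
            if self._static_match(r, p):
                if r.keep_state:
                    self.state[flow_key(p)] = (r.action, r.number)
                return (r.action, r.number)
        return ("deny", 65535)       # ipfw's default deny rule


# Rules as posted (log and limit dropped, see module docstring).
ORIGINAL_RULES = [
    Rule(280, "allow", dport=22, direction="out", setup=True, keep_state=True),
    Rule(299, "deny", direction="out"),
    Rule(430, "allow", dport=22, direction="in", setup=True),
    Rule(499, "deny", direction="in"),
]

# Arne's suggestion: check-state up front (rule number 200 is a hypothetical
# choice; its action field is unused) and keep-state on rule 430.
FIXED_RULES = [
    Rule(200, "allow", check_state=True),
    Rule(280, "allow", dport=22, direction="out", setup=True, keep_state=True),
    Rule(299, "deny", direction="out"),
    Rule(430, "allow", dport=22, direction="in", setup=True, keep_state=True),
    Rule(499, "deny", direction="in"),
]


def ssh_handshake(rules):
    """Push an inbound ssh connection attempt (constructed addresses) through
    the rules; return the verdicts for the client's SYN and the box's SYN-ACK."""
    fw = Firewall(rules)
    client, me = ("198.51.100.7", 51234), ("192.0.2.10", 22)
    syn = Packet(*client, *me, "in", syn=True)
    syn_ack = Packet(*me, *client, "out", syn=True, ack=True)
    return fw.evaluate(syn), fw.evaluate(syn_ack)


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        print(name, ssh_handshake(rules))
```

Run stand-alone it prints the verdict pair for both rule sets: with the posted rules the client's SYN is allowed by 430 but the box's SYN-ACK is denied by 299; with the amended rules both are allowed through the dynamic entry created by 430.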

