IPFW - Allowed but Denied is shown in my logs

SrotBULL pwd8jmr22w at me.point.ne.jp
Thu Aug 5 22:24:51 PDT 2004


Ian Smith wrote:

 > On Wed, 4 Aug 2004 freebsd-questions-request at freebsd.org wrote:
 >  > Message: 11
 >  > From: Srot BULL <pwd8jmr22w at me.point.ne.jp>
 >
 >  > > Giorgos Keramidas wrote:
 >  > > > Show us the full ruleset. Otherwise we're just guessing...
 >  > My apologies, below is my complete ruleset:
 >
 > [..]
 >
 >  > #* Deny ident *#
 >  > $CMD 00315 deny tcp from any to any in via $IFN
 > I think perhaps you meant:
 >   $CMD 00315 deny tcp from any to any 113 in via $IFN
 >
 > as yours denied all remaining TCP, making some rules below irrelevant,
 > including allows for www, ssh etc if you ever wanted to enable these.
 >
 > You'd also likely do better using reset rather than deny - assuming this
 > rule really was meant to block ident - to avoid timeout delays on mail.
 >  > #* Deny all Netbios service. 137=name, 138=datagram, 139=session *#
 >  > #* Netbios is MS/Windows sharing services. *#
 >  > #* Block MS/Windows hosts2 name server requests 81 *#
 >  > $CMD 00320 deny tcp from any to any 137 in via $IFN
 >  > $CMD 00321 deny tcp from any to any 138 in via $IFN
 >  > $CMD 00322 deny tcp from any to any 139 in via $IFN
 >  > $CMD 00323 deny tcp from any to any 81 in via $IFN
 >
 > None of these or any other tcp .. in via $IFN rules below are ever seen.
 >
 > [..]
 >  > #* Deny ACK packets that did not match the dynamic rule table *#
 >  > $CMD 00332 deny tcp from any to any established in via $IFN
 >
 > That rule is also not seen ..
 >
 > [..]
 >  > #* Reject & Log all incoming connections from the outside *#
 >  > $CMD 00499 deny log all from any to any in via $IFN
 >
 > .. nor that one, for TCP packets ..
 >
 >  > My basis for my rulesets are taken from:
 >  > http://freebsd.a1poweruser.com:6088/FBSD_firewall/
 >
 > Cheers, Ian


Thank you for your advice...
I will get myself a fairly dedicated time in front of my pc to better
understand things.
You have a nice day...

SrotBULL
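The shadowing Ian describes (rule 00315 denying all inbound TCP so that 00320 through 00499 never see a TCP packet) is easy to check mechanically. The following is an added example, not code from this thread or from the ruleset's author: a small Python simulator of IPFW's first-match evaluation that parses the quoted `$CMD` lines, builds a representative packet for each rule, and reports which earlier rule captures it first. The packet model (protocol, destination port, direction, interface, established flag) and the `$IFN` placeholder interface name are simplifications assumed here; the "fixed" ruleset applies Ian's two suggestions together (match port 113 only, and use `reset` instead of `deny`).

```python
"""Simulate IPFW first-match rule evaluation to find shadowed rules.

Added example for the ipfw thread; the $CMD lines are the ones quoted
there, the packet model is a deliberate simplification.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    dport: int                  # destination port (meaningless for icmp)
    direction: str              # "in" or "out"
    iface: str                  # interface name, "$IFN" in the quoted rules
    established: bool = False   # TCP segment belonging to an existing flow


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                 # deny / allow / reset
    proto: str                  # tcp / udp / icmp / all
    dport: Optional[int]        # None means any destination port
    established: bool           # only match established TCP
    direction: Optional[str]    # "in", "out" or None for both
    iface: Optional[str]        # "via" interface or None for any
    log: bool


# Accepts the subset of ipfw syntax used in the quoted ruleset (assumption).
RULE_RE = re.compile(
    r"^\$CMD\s+(?P<num>\d+)\s+(?P<action>deny|allow|reset)"
    r"(?P<log>\s+log)?\s+(?P<proto>\w+)\s+from\s+\S+\s+to\s+\S+"
    r"(?:\s+(?P<dport>\d+))?(?:\s+(?P<est>established))?"
    r"(?:\s+(?P<dir>in|out))?(?:\s+via\s+(?P<iface>\S+))?\s*$"
)


def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    return Rule(
        number=int(m["num"]),
        action=m["action"],
        proto=m["proto"],
        dport=int(m["dport"]) if m["dport"] else None,
        established=m["est"] is not None,
        direction=m["dir"],
        iface=m["iface"],
        log=m["log"] is not None,
    )


def load(text: str) -> list:
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.established and not (pkt.proto == "tcp" and pkt.established):
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    return True


def first_match(rules: list, pkt: Packet) -> Optional[Rule]:
    """ipfw walks rules in ascending number order and stops at the first hit."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule
    return None


def representative_packet(rule: Rule) -> Packet:
    """A packet this rule would match if no earlier rule intervened.

    For proto "all" a TCP probe is used, so the report answers "is this rule
    reachable for TCP?" which is the question raised in the thread."""
    return Packet(
        proto="tcp" if rule.proto == "all" else rule.proto,
        dport=rule.dport if rule.dport is not None else 12345,  # arbitrary port
        direction=rule.direction or "in",
        iface=rule.iface or "$IFN",
        established=rule.established,
    )


def shadow_report(rules: list) -> dict:
    """Map each rule number to the earlier rule that steals its traffic, or None."""
    report = {}
    for rule in rules:
        hit = first_match(rules, representative_packet(rule))
        report[rule.number] = None if hit is None or hit.number == rule.number else hit.number
    return report


# Inbound TCP rules as quoted in the thread.
QUOTED_RULES = """\
$CMD 00315 deny tcp from any to any in via $IFN
$CMD 00320 deny tcp from any to any 137 in via $IFN
$CMD 00321 deny tcp from any to any 138 in via $IFN
$CMD 00322 deny tcp from any to any 139 in via $IFN
$CMD 00323 deny tcp from any to any 81 in via $IFN
$CMD 00332 deny tcp from any to any established in via $IFN
$CMD 00499 deny log all from any to any in via $IFN
"""

# Same ruleset with 00315 restricted to ident (113) and using reset, as suggested.
FIXED_RULES = QUOTED_RULES.replace(
    "$CMD 00315 deny tcp from any to any in via $IFN",
    "$CMD 00315 reset tcp from any to any 113 in via $IFN",
)

if __name__ == "__main__":
    for label, text in (("as posted", QUOTED_RULES), ("with 113/reset", FIXED_RULES)):
        print(label, shadow_report(load(text)))
```

Run as posted, every TCP rule after 00315 reports 315 as its shadowing rule, which is exactly what Ian observed ("none of these ... are ever seen"). With the corrected 00315, no rule is shadowed, an inbound TCP SYN to port 80 falls through to the logging rule 00499, and an ident probe gets a reset rather than a silent drop.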

