IPFW Problem
Steven Adams
steve at drifthost.com
Thu Sep 30 07:29:37 PDT 2004
When I add
$fwcmd add allow ip from any to any established
The messages go away, but when I remove it they come back, I ran a tcpdump
it seems most of the packet just have ACK set?
Im not to sure whats going on?
Steven Adams steve at drifthost.com
DriftNet Web Services http://www.drifthost.com
Home: +61 2 94274857
Fax: +61 2 94274857
Mobile +61 (0) 404 085644
-----Original Message-----
From: steve at drifthost.com [mailto:steve at drifthost.com]
Sent: Thursday, 30 September 2004 4:33 PM
To: freebsd-questions at freebsd.org
Subject: IPFW Problem
Hi,
I am tryin to setup my Firewall on my server, so far i have the following.
===========================================================
oif=bge0
fwcmd=ipfw
$fwcmd -f flush
$fwcmd add check-state
$fwcmd add allow ip from any to any via lo0
$fwcmd add deny ip from any to 127.0.0.0/8
$fwcmd add deny all from any to any frag in via $oif
$fwcmd add allow tcp from any to me
21,25,26,53,110,143,443,465,953,993,995,2082,2083,2086,2087,2089,2095,2096,2
627,6666,40000-49452
in via $oif keep-state setup
$fwcmd add allow tcp from any to me 80 setup keep-state
$fwcmd add allow udp from me 53 to any keep-state
$fwcmd add allow udp from any to any 53 keep-state
$fwcmd add allow all from me to any out via $oif setup keep-state
$fwcmd add deny all from any to any 137,138,139,67,68 in
$fwcmd add deny log all from me to any 22
$fwcmd add deny log all from any to any
======================================================
When i turn the firewall on i am getting this in my /var/log/security
========================================================
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858
MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2864
MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858
MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP MYIP:80
SOMECLIENT:1431 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80
SOMECLIENT:2694 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80
SOMECLIENT:3059 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80
SOMECLIENT:33077 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80
SOMECLIENT:33130 out via bge0
==============================================================
I am unsure to why i am getting theses, its like the check-state command
is half working..
I can still browse my web server fine but im still getting theses messages.
Anyone got any ideas?
Thanks
Steve
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list