IPFW Problem

Steven Adams steve at drifthost.com
Thu Sep 30 07:29:37 PDT 2004


When I add

$fwcmd add allow ip from any to any established

the messages go away, but when I remove it they come back. I ran a tcpdump
and it seems most of the packets just have ACK set?

I'm not too sure what's going on?

Steven Adams steve at drifthost.com 
DriftNet Web Services http://www.drifthost.com 
Home: +61 2 94274857
Fax: +61 2 94274857
Mobile +61 (0) 404 085644

-----Original Message-----
From: steve at drifthost.com [mailto:steve at drifthost.com] 
Sent: Thursday, 30 September 2004 4:33 PM
To: freebsd-questions at freebsd.org
Subject: IPFW Problem

Hi,

I am trying to set up my firewall on my server; so far I have the following.

===========================================================
oif=bge0
fwcmd=ipfw

$fwcmd -f flush

$fwcmd add check-state

$fwcmd add allow ip from any to any via lo0
$fwcmd add deny ip from any to 127.0.0.0/8

$fwcmd add deny all from any to any frag in via $oif

$fwcmd add allow tcp from any to me 21,25,26,53,110,143,443,465,953,993,995,2082,2083,2086,2087,2089,2095,2096,2627,6666,40000-49452 in via $oif keep-state setup
$fwcmd add allow tcp from any to me 80 setup keep-state
$fwcmd add allow udp from me 53 to any keep-state
$fwcmd add allow udp from any to any 53 keep-state

$fwcmd add allow all from me to any out via $oif setup keep-state

$fwcmd add deny all from any to any 137,138,139,67,68 in

$fwcmd add deny log all from me to any 22
$fwcmd add deny log all from any to any
======================================================

When I turn the firewall on I am getting this in my /var/log/security:

========================================================
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2864 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP SOMECLIENT:2858 MYIP:80 in via bge0
Sep 30 16:30:48 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:1431 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:2694 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:3059 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:33077 out via bge0
Sep 30 16:30:49 inertia kernel: ipfw: 1200 Deny TCP MYIP:80 SOMECLIENT:33130 out via bge0
==============================================================

I am unsure as to why I am getting these; it's like the check-state command
is half working.

I can still browse my web server fine but I'm still getting these messages.

Anyone got any ideas?

Thanks
Steve
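
The behaviour reported in this thread, as an added example that is not part of the original posts: a simplified Python model of first-match evaluation over the TCP/80 path of the posted ruleset, showing that an ACK-only segment for a flow with no dynamic rule falls through to the final `deny log` rule (number 1200 with ipfw's default step of 100), and that a stateless `established` rule accepts it. The class and helper names, the sample addresses, rule number 150 and the placement of the `established` rule are assumptions; the thread does not establish why state is missing on the poster's host.

```python
# Simplified model (added example, not ipfw source) of first-match evaluation
# with dynamic rules. Rule numbers assume ipfw's default auto-increment of 100.

def is_setup(pkt):        # ipfw "setup": SYN set, ACK clear
    return "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]

def is_established(pkt):  # ipfw "established": ACK or RST set
    return bool({"ACK", "RST"} & pkt["flags"])

def flow_key(pkt):        # a dynamic rule matches both directions of a flow
    return frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])

class Firewall:
    def __init__(self, with_established=False):
        self.states = set()                      # installed dynamic rules
        self.with_established = with_established

    def evaluate(self, pkt):
        """Return (rule_number, action) for one TCP packet."""
        if flow_key(pkt) in self.states:                   # check-state
            return 100, "allow"
        if self.with_established and is_established(pkt):  # rule from the follow-up
            return 150, "allow"                            # 150 is a constructed number
        if pkt["dir"] == "in" and pkt["dport"] == 80 and is_setup(pkt):
            self.states.add(flow_key(pkt))                 # setup keep-state
            return 600, "allow"
        if pkt["dir"] == "out" and is_setup(pkt):
            self.states.add(flow_key(pkt))                 # setup keep-state
            return 900, "allow"
        return 1200, "deny"                                # deny log all

def pkt(direction, src, sport, dst, dport, *flags):
    return {"dir": direction, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": set(flags)}

# Constructed sample traffic; addresses come from documentation ranges.
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
NEW_FLOW = [pkt("in", CLIENT, 2858, SERVER, 80, "SYN"),
            pkt("out", SERVER, 80, CLIENT, 2858, "SYN", "ACK"),
            pkt("in", CLIENT, 2858, SERVER, 80, "ACK")]
STATELESS_ACKS = [pkt("in", CLIENT, 2864, SERVER, 80, "ACK"),   # no dynamic rule
                  pkt("out", SERVER, 80, CLIENT, 1431, "ACK")]  # for these flows

def run(with_established):
    fw = Firewall(with_established)
    return [fw.evaluate(p) for p in NEW_FLOW + STATELESS_ACKS]

if __name__ == "__main__":
    print(run(False), run(True), sep="\n")
```

In this model rule 150 accepts any segment with ACK or RST set whether or not a connection exists, so it silences the log by bypassing the stateful check rather than by restoring state.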

