What is wrong with my ipfw? And how can an intruder do it?

ann kok annkok2001 at yahoo.com
Thu Aug 11 20:28:53 GMT 2005


Hi all

I am using FreeBSD 4.11 as a router and run ipfw.
I have ipfw rules to restrict ssh access from all
interfaces.

eg: ipfw add 22 deny log tcp from any to x.x.x.x/32 22


The firewall rule is fine when testing from outside,
and I can get info from /var/log/security:
Deny TCP x.x.x.x:20411 x.x.x.x:22 in via dc0


But I don't know how that IP can bypass the ipfw firewall
rule and access the computer.
Finally it was blocked by tcpwrapper. I got this from
/var/log/messages:


Aug 09 06:10:29 firewall sshd[51057]: refused connect from x.x.x.137 (x.x.x.137)

What is wrong with my ipfw? And how can an intruder do it?

Do you have any ideas?

Thank you
