IPFILTER rule error
Maxim Vetrov
muxas at mail.ru
Tue Feb 14 06:58:50 PST 2006
Hi,
Sorry, I really do not want you to guess! Here is what you asked:
kernel conf:
-------------------------------------------------------
...
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
#options IPSTEALTH
...
-------------------------------------------------------
rc.conf:
-------------------------------------------------------
...
ifconfig_rl0="inet 10.0.1.1 netmask 255.255.255.248"
...
ipnat_enable="YES"
ipfilter_enable="YES"
ipmon_enable="YES"
...
-------------------------------------------------------
services:
-------------------------------------------------------
...
sunrpc 111/tcp rpcbind #SUN Remote Procedure Call
sunrpc 111/udp rpcbind #SUN Remote Procedure Call
...
-------------------------------------------------------
ipf.rules:
-------------------------------------------------------
block in log on rl0 all head 20
block out log on rl0 all head 25
pass in quick on rl0 \
proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 \
proto tcp/udp from any to any port = 717 keep state group 20
pass out quick on rl0 \
proto udp from any to any port = 111 keep state group 20
--------------------------------------------------------
Steps to load the rules:
>ipf -Fa
>ipf -f /etc/ipf.rules
1:ioctl (add/insert rule): No such process
And there is one more problem - despite the fact that I have packet logging
enabled by default (-Ds) through syslogd, the log is empty!
syslog.conf:
--------------------------------------------------------
...
security.* /var/log/security
...
--------------------------------------------------------
That file exists and has root rw permissions.
If this helps: after I moved to 6.0 from 5.4
(backup-format-install-restore), this config stopped working. I know
that I'm doing something wrong, but what exactly?
Regards,
Muxas
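IPFilter rule groups are one-directional: a rule can only join a group whose head rule has the same direction (`in` or `out`), so that is one consistency check worth running over a rule set before loading it. The checker below is an added example, not code from the original post; it embeds the posted ipf.rules as constructed sample input and assumes that a head must be loaded before the rules that reference it.

```python
import re

# The ipf.rules from the post, embedded as constructed sample input (original continuations kept).
SAMPLE_RULES = """\
block in log on rl0 all head 20
block out log on rl0 all head 25
pass in quick on rl0 \\
proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 \\
proto tcp/udp from any to any port = 717 keep state group 20
pass out quick on rl0 \\
proto udp from any to any port = 111 keep state group 20
"""

def join_continuations(text):
    """Join a line ending in a backslash with the line that follows it."""
    return re.sub(r"\\\n\s*", " ", text)

def parse_rules(text):
    """Yield (line_no, direction, head, group) per rule; '#' starts a comment."""
    for line_no, line in enumerate(join_continuations(text).splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        direction = words[1] if len(words) > 1 and words[1] in ("in", "out") else None
        head = re.search(r"\bhead\s+(\d+)", line)
        group = re.search(r"\bgroup\s+(\d+)", line)
        yield (line_no, direction,
               head.group(1) if head else None,
               group.group(1) if group else None)

def check_groups(text):
    """Report rules joining a group with no head or with the other direction.
    Walked in load order (assumed to mirror ipf): a head must precede its members."""
    heads = {}  # group number -> direction of its head rule
    problems = []
    for line_no, direction, head, group in parse_rules(text):
        if head is not None:
            heads[head] = direction
        if group is None:
            continue
        if group not in heads:
            problems.append((line_no, f"group {group} has no head rule"))
        elif heads[group] != direction:
            problems.append((line_no, f"'{direction}' rule joins group {group}, "
                                      f"whose head is an '{heads[group]}' rule"))
    return problems
```

Run against the embedded rules it flags the fifth rule, the `pass out` rule that joins group 20 while the head of group 20 is a `block in` rule.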