Locked out of FreeBSD EC2 image - trying to figure out why ...

Michael Sierchio kudzu at tenebras.com
Wed Oct 1 22:04:00 UTC 2014


On Wed, Oct 1, 2014 at 2:23 PM, John Case <case at sdf.org> wrote:
>
> I added this ipfw line to my ec2 image and then rebooted it, and am unable
> to connect over the network now:
>
>
> deny ip from 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 to any
> deny ip from 0.0.0.0/8,169.254.0.0/16,192.0.2.0/24,224.0.0.0/4,240.0.0.0/4 to any
>
>
> The private IP that my instance uses is in the 172.31.xx.xx block, so is it
> my blocking of 172.16.0.0/12 that is causing the problem?

Yes. DHCP responses will come from an RFC1918 network, for example.
This is naive and really unnecessary - just use an appropriate EC2
security policy.  If you insist on using ipfw, you'll need to improve
your understanding of how things work.

Also - an elastic IP will not persist across stopping and starting an
instance, and you should associate it using a script inside the
instance when it starts.

- M
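
An added example, not part of the original message or thread: a Python pre-flight check that parses the two quoted rules and reports which denied source ranges contain a given address. The addresses in PEERS are constructed samples (the post gives the instance's block only as 172.31.xx.xx), and the function names are hypothetical.

```python
import ipaddress

# The two rules quoted in the post (the second joined back onto one line).
RULES = [
    "deny ip from 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 to any",
    "deny ip from 0.0.0.0/8,169.254.0.0/16,192.0.2.0/24,224.0.0.0/4,240.0.0.0/4 to any",
]

# Constructed sample addresses, not taken from the post.
PEERS = {
    "instance private IP": "172.31.5.10",      # assumed address in 172.31.0.0/16
    "DHCP server (RFC 1918)": "172.31.0.1",    # assumed address on the same network
    "EC2 metadata service": "169.254.169.254",  # well-known link-local address
    "public internet client": "203.0.113.7",   # documentation range (TEST-NET-3)
}

def denied_sources(rule):
    """Return the source networks of a 'deny ip from <list> to any' rule."""
    words = rule.split()
    if words[:3] != ["deny", "ip", "from"] or "to" not in words:
        raise ValueError(f"unsupported rule form: {rule!r}")
    # Re-join the list in case it was wrapped or spaced after commas.
    src = "".join(words[3:words.index("to")])
    return [ipaddress.ip_network(n) for n in src.split(",") if n]

def blocked_by(addr, rules=RULES):
    """Return (rule, network) pairs whose denied source list contains addr."""
    ip = ipaddress.ip_address(addr)
    return [(rule, net) for rule in rules
            for net in denied_sources(rule) if ip in net]

def report(peers=PEERS, rules=RULES):
    """Map each peer name to the denied networks that match its address."""
    return {name: [str(net) for _, net in blocked_by(addr, rules)]
            for name, addr in peers.items()}

if __name__ == "__main__":
    # The rules carry no in/out keyword, so they match a source address in
    # either direction: packets the instance itself sends from 172.31.x.x
    # are dropped as well as packets arriving from private peers.
    for name, nets in report().items():
        status = "DENIED by " + ", ".join(nets) if nets else "not matched"
        print(f"{name:26} {PEERS[name]:16} {status}")
```

Running a check like this against the instance's own address, and the addresses of the services it depends on, before loading a ruleset and rebooting shows a lockout of this kind in advance.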

