no keep-state and unpredictable ssh connections

Darren darren at dazdaz.org
Sat Jul 26 03:54:00 PDT 2003


Hello Michael,

Saturday, July 26, 2003, 4:47:48 AM, you wrote:

MS> Darren wrote:
>> Hello freebsd-ipfw,
>> 
>> I'm not using keep-state and yet ssh'ing into my FreeBSD 4.8-STABLE
>> box doesn't happen every attempt, more like 1 attempt in every 15!
>> Incoming ssh connections work fine when firewall is disabled.
>> 
>> My ips obviously changed.  This is my rc.firewall script.
>> 
>> Greatly appreciate some guidance, I've read some docs, but am missing
>> something.

MS> Is this a firewall-router, or are you trying to protect the box itself?
MS> (In other words, is $myip an address on this box?)

There is no firewall-router in-between.  $myip is an address on the
box itself.

MS> The ruleset could use some refactoring -- that's the polite word -- but
MS> the direction depends on the answer to my question above.

Fine.  What would you change or refactor and why?  If it should be
ripped apart, can you please explain which bits and why?

>> #!/bin/sh
>> 
>> fwcmd="/sbin/ipfw"
>> myip="11.11.203.114"

MS> Uh, Darren, some burly guys with shaved heads and no necks are
MS> going to be knocking on your door any minute now if you use that
MS> address.

MS> They were humorless before 9/11, think of how much fun they are now.

Greatly appreciate your concern, however as I pointed out above, I changed the IP
address for just this reason :-)

-- 
Best regards,
 Darren                            mailto:darren at dazdaz.org



