ipfw and ftpd

Christoph Harder shadowomf at arcor.de
Fri Sep 3 17:04:47 UTC 2021


Hello everybody,

I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw.
Currently I'm trying to get ftpd working for the local network, but when ipfw is enabled it's not working.
It works without any problems when ipfw is not running. The client is a FileZilla client on a Windows machine in localnetwork0.

My ipfw.rules file looks like below. I've removed the pass rules for other services, but I didn't delete any of the deny rules.


/etc/ipfw.rules
#!/bin/sh

# ipfw command
ii="/sbin/ipfw -q"

# flush old
${ii} -f flush
#${ii} pipe flush
#${ii} queue flush
#${ii} table all flush

# local trusted networks
localnet0="10.55.0.0/16"

# loopback adapter
${ii} add pass all from any to any via lo0
${ii} add deny log all from any to 127.0.0.0/8
${ii} add deny log ip from 127.0.0.0/8 to any
${ii} add deny log all from any to ::1
${ii} add deny log all from ::1 to any

# allow if matching entry in dynamic rule table
${ii} add check-state log

# allow local ftp traffic
${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state
${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state
${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup keep-state

# deny and log everything else, this should always be the last rule
${ii} add deny log all from any to any


Strangely, /var/log/security is only showing accept entries for the ftp connections and no deny entries, but it's still not working.
Did I mess anything up? Maybe the in/out/setup/check-state or keep-state parts?

Best regards,
Christoph
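As an added diagnostic, not part of Christoph's post or of FreeBSD, the Python script below parses the three FTP rules from the ruleset above and checks which FTP connection types a stateless "setup" rule would admit: the control channel (client to server port 21), an active-mode data connection (per RFC 959, ftpd connects from its own source port 20 to a port on the client) and a passive-mode data connection (client to a server port in ftpd's passive range). It assumes the passive range starting at 49152 used in the rules, uses a constructed client port, and models only the initial SYN, not the dynamic keep-state entries.

```python
import re

# Constructed sample: the three FTP rules from the post, copied as parser input.
SAMPLE_RULES = """
${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state
${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state
${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup keep-state
"""
# Address/port parts of "add pass [log] tcp from SRC [PORT] to DST [PORT] OPTIONS".
RULE_RE = re.compile(r"add\s+(?:pass|allow|accept)\s+(?:log\s+)?tcp\s+from\s+(\S+)"
                     r"(?:\s+(\d+(?:-\d+)?))?\s+to\s+(\S+)(?:\s+(\d+(?:-\d+)?))?\s*(.*)$")
CLIENT_PORT = 50000  # sample client-side ephemeral port (constructed value)
PASV_PORT = 49152    # assumed: lowest port of ftpd's passive range, as in the rules above

def parse_rules(text):
    """One dict per pass/tcp rule: src, sport, dst, dport and the trailing options."""
    rules = []
    for m in (RULE_RE.search(line) for line in text.splitlines()):
        if m:
            src, sport, dst, dport, opts = m.groups()
            rules.append({"src": src, "sport": sport, "dst": dst, "dport": dport, "opts": opts.split()})
    return rules

def port_ok(spec, port):
    """True if a port spec (None = any, '21', or '49152-65535') admits the port."""
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def allows_syn(rules, src, sport, dst, dport, direction):
    """True if a stateless 'setup' rule admits a new TCP connection with these endpoints.
    A rule with neither 'in' nor 'out' matches both directions, as in ipfw."""
    return any(r["src"] == src and r["dst"] == dst
               and port_ok(r["sport"], sport) and port_ok(r["dport"], dport)
               and "setup" in r["opts"]
               and (direction in r["opts"] or not {"in", "out"} & set(r["opts"]))
               for r in rules)

def check_ftp(text, lan="${localnet0}"):
    """Which FTP connection types the pass rules admit at connection setup."""
    rules = parse_rules(text)
    return {
        # control channel: client ephemeral port -> server port 21, inbound
        "control": allows_syn(rules, lan, CLIENT_PORT, "me", 21, "in"),
        # active data (RFC 959): ftpd's *source* port 20 -> client port, outbound
        "active_data": allows_syn(rules, "me", 20, lan, CLIENT_PORT, "out"),
        # passive data: client ephemeral port -> server passive port, inbound
        "passive_data": allows_syn(rules, lan, CLIENT_PORT, "me", PASV_PORT, "in"),
    }

print(check_ftp(SAMPLE_RULES))
```

Running it on the posted rules reports the control and passive data connections as admitted and the active data connection as matched by no setup rule, because the second rule places port 20 on the destination (client) side rather than on ftpd's source side.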