ipfw and ftpd

Tomasz CEDRO tomek at cedro.info
Fri Sep 3 18:25:02 UTC 2021


On Fri, Sep 3, 2021 at 7:05 PM Christoph Harder  wrote:
> I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw.
> Currently I'm trying to get ftpd working for the local network, but when ipfw is enabled it's not working.
> It works without any problems when ipfw is not running. The client is a FileZilla Client on a Windows machine in localnetwork0.
>
> My ipfw.rules file looks like below. I've removed the pass rules for other services, but I didn't delete any of the deny rules.

Have you tried this generic approach using /etc/rc.conf?

firewall_enable="YES"
firewall_type="workstation"
firewall_myservices="20/tcp 21/tcp"
firewall_allowservices="10.55.0.0/16"

Take a look at the /etc/rc.firewall source code; the comments explain
everything. There is a 'firewall_logdeny' option that enables logging of
dropped packets :-)

[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
        # Configuration:
        #  firewall_myservices:         List of ports/protocols on which this
        #                                host offers services.
        #  firewall_allowservices:      List of IPv4 and/or IPv6 addresses
        #                                that have access to
        #                                $firewall_myservices.
        #  firewall_trusted:            List of IPv4 and/or IPv6 addresses
        #                                that have full access to this host.
        #                                Be very careful when setting this.
        #                                This option can seriously degrade
        #                                the level of protection provided by
        #                                the firewall.
        #  firewall_logdeny:            Boolean (YES/NO) specifying if the
        #                                default denied packets should be
        #                                logged (in /var/log/security).
        #  firewall_nologports:         List of TCP/UDP ports for which
        #                                denied incoming packets are not
        #                                logged.


-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
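Added example, not part of the post above and not FreeBSD's own rc.firewall code: a dry-run check of the two "workstation" variables, so an admin can confirm that a client from the allowed subnet would be admitted to 20/tcp and 21/tcp before reloading the firewall. It assumes IPv4 entries of the form port/tcp or port/udp and a constructed client address 10.55.3.7; the printed rule lines are my rendering, not the exact text rc.firewall emits.

```sh
#!/bin/sh
# Added example, not from the original post or FreeBSD's rc.firewall:
# a dry-run check of the "workstation" settings quoted above. It expands
# firewall_myservices / firewall_allowservices into the pass rules an
# administrator expects and answers whether a given client connection
# would match one of them. Assumptions: IPv4 only, entries of the form
# port/tcp or port/udp; the real rc.firewall also handles IPv6.

firewall_myservices="20/tcp 21/tcp"
firewall_allowservices="10.55.0.0/16"

# Dotted quad -> 32-bit integer, POSIX arithmetic only.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_match NET/PREFIX ADDR: succeeds when ADDR lies inside the network.
# A bare address (no /prefix) is treated as a /32 host entry.
cidr_match() {
    net=${1%/*}; bits=${1#*/}
    [ "$bits" = "$1" ] && bits=32
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Print the pass rules the two variables are expected to produce
# (my rendering of the rule syntax, one rule per source x service).
expected_rules() {
    for src in $firewall_allowservices; do
        for svc in $firewall_myservices; do
            echo "add pass ${svc#*/} from $src to me ${svc%/*}"
        done
    done
}

# would_pass CLIENT_ADDR PORT/PROTO: succeeds if some rule admits it.
would_pass() {
    for src in $firewall_allowservices; do
        cidr_match "$src" "$1" || continue
        for svc in $firewall_myservices; do
            [ "$svc" = "$2" ] && return 0
        done
    done
    return 1
}

# Stand-alone demo with a constructed client address from localnetwork0.
expected_rules
if would_pass 10.55.3.7 21/tcp; then echo "10.55.3.7 -> 21/tcp: pass"; fi
```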


More information about the freebsd-questions mailing list