6.3-RC1: IPFILTER (ipf) firewall not working?
Lasse Holmberg
lape63 at soul.lnet.fi
Thu Dec 6 03:06:48 PST 2007
Hi,
I can't get ipf working with 6.3-RC1; ipmon just keeps logging:
Dec 6 11:50:19 riks ipmon[506]: 11:50:18.378898 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:25 riks ipmon[506]: 11:50:24.378765 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:37 riks ipmon[506]: 11:50:36.378748 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:51:01 riks ipmon[506]: 11:51:00.378835 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
regards, Lasse
-- 
kernel version:
FreeBSD riks.homenet 6.3-RC1 FreeBSD 6.3-RC1 #0: Wed Nov 28 00:37:51 UTC 2007 root at edmunds.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC sparc64
boot messages:
Dec 6 11:48:59 riks kernel: IP Filter: v4.1.28 initialized. Default = pass all, Logging = enabled
Dec 6 11:48:59 riks kernel: Enabling ipfilter.
Dec 6 11:48:59 riks kernel: Starting ipmon.
/etc/rc.conf:
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
/etc/ipf.rules:
# loopback: pass everything both ways
pass in quick on lo0 all
pass out quick on lo0 all
#
# outbound DNS to the resolver ($MY-DNS-IP is a placeholder, left as posted) and any outbound TCP, stateful
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
# inbound SSH: new connections (SYN only), stateful, "log first" logs only the first packet of each session
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
# default deny: block and log everything else inbound on both interfaces
block in log first quick on hme0 all
block in log first quick on hme1 all
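As an added example (my own code, not part of Lasse's message), here is a small parser for ipmon lines in the format shown above, run over the four posted log lines plus one constructed pass line. The fields it pulls out are the ones that matter when reading such a log: `@group:rule` (group 0, rule 3 here), the action letter (`b` block, `p` pass), the endpoints, `len <ip-header-len> <ip-total-len>`, the TCP flags after `-`, the direction, and any trailing marker tokens. The `bad` marker is, as far as I know, the token ipmon appends when IPFilter flagged the packet as failing its header sanity checks; the parser only records it, it does not interpret it further. The second function resolves a rule number against the posted ruleset using the fact that ipf numbers inbound and outbound rules as separate lists (the order `ipfstat -in` and `ipfstat -on` show); for `@0:3` on an inbound packet that is the third `in` rule, i.e. the default `block in ... on hme0` rule. The group/`head` handling is deliberately omitted since the posted ruleset uses neither; that simplification is an assumption of this example.

```python
import re
from collections import Counter

# The four ipmon lines from the message above, plus one constructed "pass" line
# (the last one) showing what a logged match of the SSH pass rule would look like.
SAMPLE_LOG = """\
Dec 6 11:50:19 riks ipmon[506]: 11:50:18.378898 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:25 riks ipmon[506]: 11:50:24.378765 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:37 riks ipmon[506]: 11:50:36.378748 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:51:01 riks ipmon[506]: 11:51:00.378835 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:53:02 riks ipmon[506]: 11:53:01.100000 hme0 @0:2 p 172.16.0.9,40000 -> 172.16.0.3,22 PR tcp len 20 60 -S IN
"""

# The ruleset as posted ($MY-DNS-IP left as the placeholder it is in the message).
RULES = """\
pass in quick on lo0 all
pass out quick on lo0 all
#
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
block in log first quick on hme0 all
block in log first quick on hme1 all
"""

# One ipmon record; the syslog prefix (if present) is skipped because the first
# timestamp with microseconds is ipmon's own.
IPMON_RE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<ifname>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>[A-Za-z]+)\s+"
    r"(?P<src>[^\s,]+)(?:,(?P<sport>\S+))?\s+->\s+"
    r"(?P<dst>[^\s,]+)(?:,(?P<dport>\S+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<tcpflags>[A-Z]+))?\s+"
    r"(?P<dir>IN|OUT)"
    r"(?P<extra>.*)$"
)

ACTIONS = {"b": "block", "p": "pass"}  # ipmon's single-letter codes for a rule match


def parse_ipmon_line(line):
    """Parse one ipmon log line; return a dict of fields, or None if it is not one."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "time": d["ts"],
        "iface": d["ifname"],
        "group": int(d["group"]),
        "rule": int(d["rule"]),
        "action": ACTIONS.get(d["action"], d["action"]),
        "src": d["src"], "sport": d["sport"],
        "dst": d["dst"], "dport": d["dport"],
        "proto": d["proto"],
        "ip_hlen": int(d["hlen"]),   # IP header length
        "ip_len": int(d["plen"]),    # IP total length
        "tcp_flags": d["tcpflags"] or "",
        "direction": d["dir"],
        "markers": d["extra"].split(),  # trailing tokens such as "bad"
    }


def summarize(log_text):
    """Count matches per (group, rule, action, direction) and collect 'bad'-marked records."""
    recs = [r for r in (parse_ipmon_line(l) for l in log_text.splitlines()) if r]
    by_rule = Counter((r["group"], r["rule"], r["action"], r["direction"]) for r in recs)
    bad = [r for r in recs if "bad" in r["markers"]]
    return {"parsed": len(recs), "by_rule": dict(by_rule), "bad": bad}


def rule_by_number(rules_text, direction, n):
    """Return the n-th (1-based) 'in' or 'out' rule of an ipf.rules text, in the order
    ipfstat -in / -on number them. Assumes no 'group'/'head' keywords (true of the
    posted ruleset); blank lines and comments are skipped."""
    count = 0
    for line in rules_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        parts = s.split()
        if len(parts) >= 2 and parts[1] == direction:
            count += 1
            if count == n:
                return s
    return None


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for (group, rule, action, direction), n in sorted(summary["by_rule"].items()):
        print(f"@{group}:{rule} {action} {direction}: {n} hit(s) ->",
              rule_by_number(RULES, direction.lower(), rule))
    print(f"{len(summary['bad'])} of {summary['parsed']} records carry the 'bad' marker")
```

Running it prints that all four posted records hit `@0:3 block IN`, which resolves to `block in log first quick on hme0 all`, and that every one of them carries the `bad` marker; the SYN to port 22 never matched the pass rule at `@0:2`, which is the first thing to check (with `ipfstat -in` to confirm the numbering) before blaming the ruleset.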