Re: IPFW Problems?

Board: FB_security, posted 2006/04/18 08:46
--- Noah Silverman <noah@allresearch.com> wrote:

> Take the following rules:
>
> ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
> ipfw add 00299 deny log all from any to any out via bge0
> ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
> ipfw add 00499 deny log all from any to any in via bge0

I think rule 430 needs a keep-state, because you do not have a rule that allows outgoing ssh packets for established tcp connections. In addition to the before-mentioned "check-state" in the beginning you would need a "keep-state" in rule 430...

> When I install this firewall configuration, I'm locked out of the
> box. An inspection of the logs shows that rule 499 is being
> triggered by an attempted incoming connection.

Hmm... That's strange... What about rule 299? There should be something about rule 299 in the logs... Maybe I am wrong...

-Arne
Article ID (AID): #14H3Ra00 (FB_security)