Displaying 20 results from an estimated 33 matches for "ipfirewall".
2005 Jan 13
1
Listening outside ipfw / program interface to ipfw
Hi,
Two quick questions that I can't seem to find answers for using google.
1) is it possible to listen outside an ipfw firewall - that is have
ethereal record the packets before ipfw starts dropping them? If so how?
2) Is there an api to ipfw that will let me manipulate rules, query
stats etc? I need something faster than running the command line binary?
Thanks
John
2004 Feb 07
0
Re: IPFIREWALL
...for helping newcomers on the
hackerscene
-----Original message-----
From: freebsd-security-bounces@lists.elvandar.org
[mailto:freebsd-security-bounces@lists.elvandar.org]On behalf of Spades
Sent: Saturday, 7 February 2004 7:29
To: freebsd-security@freebsd.org
Subject: [Freebsd-security] Re: IPFIREWALL
Heya,
lately my freebsd connection is being slow'd down after
it got ddos by some kiddies, and i got this feeling it is
still being packetted by in small amt cos i can feel a
constant lag. i have ipfw running and denied all icmp
Any idea how i can secure my box against all ddos
and prevent...
2003 May 24
1
ipfirewall(4)) cannot be changed
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 12...
2005 Feb 03
1
need ipfw clarification
...ased forwarding disabled,
default to accept, logging limited to 5 packets/entry by default
On 5.2.1, I used to get this:
ipfw2 initialized, divert disabled, rule-based forwarding enabled,
default to accept, logging disabled
In both cases, I am adding this to my KERNEL config:
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
It seems that the major difference between 5.2.1 and 5.3 is that now
rule-based forwarding is disabled.
Is this correct? And what exactly is rule-based forwarding? I'm guessing
that it doesn't really apply to my situation, as in these cases,...
2003 Nov 01
2
ipfw2 logging
Dear list!
I have a little problem, trying
to enable logging of deny rule.
I have enabled it via kernel:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=3
It is ipfw2. After that, my intention
was to use syslogd and
!ipfw
*.* /var/log/ipfw.log
and newsyslog with
/var/log/ipfw.log 600 3 100 * J
In rc.conf I have
firewall_enable="YES"
firewall_logging="YES"...
2003 Apr 08
7
4.8-STABLE Kernel Panic with dummynet options.
I first met this problem when our (60 students) internetgateway refused to
boot its new kernel, it was a 4.7-RELEASE. Then i loaded the old kernel and
went home to check if my 4.8-STABLE does likewise. And the answer was yes!
Both kernels were GENERIC + these options taken from the dummynet man pages:
options DUMMYNET
options NMBCLUSTERS
options HZ
When i boot the machine
2003 Sep 15
5
strange problem with: ed driver / 4.9-PRE
Hi,
in the kernel I have these lines:
[...]
device miibus # MII bus support
device rl
device ed
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity
options IPDIVERT #divert sockets
options DUMMYNET
options IPFW2
[...]
When the box starts it complain...
2004 Feb 06
2
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Hey Guys,
today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default
accept in my kernel config file.
Config & make weren't complaining so, installed the kernel, reboot and there
it was:
>IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging disabled
Another rebuild didn't work out so......
2005 Nov 22
2
ipfw check-state issue
...network card cause it ain't so!
another thing ... if i insert pipes for traffic shaping ... the outgoing
packets are inserted into the input pipes ... but not into the outgoing
pipes .... why ?
i am missing somethin' .... what ?
kernel compiled with these additional options ....
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_FORWARD
options DUMMYNET
options HZ=1000
options IPDIVERT
enlightenment please ....
thanks ...
bye bye
2004 Mar 03
2
tripwire port broken?
Dear list!
I've tried to compile
tripwire-2.3.1-2 port on
my 5.2 release. Two different
tarballs have failed
with message, that port
was broken, all in one
sentence. No any details.
Well! Makefile has something like:
.if ${OSVERSION} >= 500000
BROKEN= "Fails to build inder 5.X"
.endif
One more:
USE_GMAKE= yes
Has someone compiled
it successfully? Is it
for a good
2004 Apr 15
2
Policy routing with IPFW
Hi There,
I've been having an issue trying to figure out a way to policy route
outbound packets from a multihomed machine through the proper interface
using IPFW to no avail.
I've tried several different incantations of IPFW fwd/forward
statements, and none of them seem to do the trick.
Basically, I have a host that has multiple Internet connections. This
host is running FreeBSD 4.9
2003 Jul 01
1
tcp 22 > tcp 22
Hi,
I spotted today following line at my FreeBSD 4.6.2-RELEASE IPFIREWALL log:
Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via ed1
where xxxxxx is the attacker's IP and yyyyy is my box.
But in sshd log, there are no traces left behind by this connection.
Normally, there is "Did not receive identification string from xxx" et...
2004 Feb 13
3
SYN Attacks - how i cant stop it
...al solution is more 'pipe' a.k.a the
> Microsoft-solution.
> So far I've only been guessing, but here is what I normally do with my
> setup. I'm not telling you that this is the solution! just advice!
>
> Kernel;
> options SC_DISABLE_REBOOT
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=100
> options IPDIVERT
> options IPFILTER
> options IPFILTER_LOG
> options IPSTEALTH (don't touch the ttl/can't see the wall)
> options TCP_DROP_SYNFIN (drop tcp packe...
2003 Aug 03
0
Multiple kld loads?
...nce 2.2 on this same hardware and this has never
happened before.
I see this was reported on 7/25/03 but, no follow-up:
http://lists.freebsd.org/mailman/htdig/freebsd-stable/2003-July/002329.html
Thanks.
kernel is GENERIC plus the following:
-------------------------------------
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options HZ=1000
options DUMMYNET
Dmesg follows:
--------------------------------------
bwm# dmesg...
2003 Apr 29
0
Kernel Panic in 4.8-STABLE
...m scared to play around with anything that might cause a reboot as I
can't afford this box to have downtime of ~8 - 12hrs (it's a remote
machine).
If additional information is required, please let me know. The file
that the kernel is generated from is a pretty generic copy of GENERIC
with IPFIREWALL compiled in.
Any help would be appreciated.
Thanks,
Brad
-- panic note from /var/log/messages --
Apr 24 22:13:50 tsunami /kernel:
Apr 24 22:13:50 tsunami /kernel:
Apr 24 22:13:50 tsunami /kernel: Fatal trap 12: page fault while in kernel mode
Apr 24 22:13:50 tsunami /kernel: fault virtual add...
2009 Apr 08
1
watchdog timeout
...# IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# Firewall
options IPFIREWALL # enable ipfirewall (required for dummynet)
options IPFIREWALL_VERBOSE # enable firewall output logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=0 # limit firewall verbosity output
options IPDIVERT # dive...
2003 Sep 06
0
Fatal Trap 12: page fault while in kernel mode on IBM x340 after Aug25CVS
...lem, or am I wrong? I also believe it is not a load
issue as the load does not get much about 2 most of the time.
The only special kernel config is that it's an SMP kernel and the following
options are set:
options NMBCLUSTERS=20000
options PMAP_SHPGPERPROC=600
options IPFIREWALL
options DUMMYNET
Below is a copy of the panic message I got from a serial console and below
that is a dmesg from today.
Fatal trap 12: page fault while in kernel mode
mp_lock = 01000002; cpuid = 1; lapic.id = 00000000
fault virtual address = 0x13
fault code = supervisor rea...
2013 Nov 29
1
kernel "mismatch" on r256420
..._load_file: Unsupported file type
This is from 'ls -l' of /boot
drwxr-xr-x 2 root wheel 1.5K Nov 28 21:55 kernel/
This is from 'ls -l' of /bootpool/boot
drwxr-xr-x 2 root wheel 1.5K Nov 28 21:55 kernel/
This is my kernel file:
include GENERIC
ident theEleven
options AUDIT
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=15
options DUMMYNET
This is from rc.conf:
firewall_enable="YES"
firewall_logging="YES"
firewall_script="/etc/myScript"
firewall_quiet="NO"
firewall_logif="YES"
firewall_nat_enable="N...
2010 Jul 19
1
packet loss on ixgbe using vlans and ipv6
Hi,
I have a Dell T710 with 4 X 10G ethernet interfaces (2 X Dual port Intel
82599 cards). It is running FreeBSD RELENG_8 last updated on July 13.
What I see is packet loss (0 - 40%) on IPv6 packets in vlans, when the
machine is not the originator of the packets.
Let me try to describe a little more. If a neighbouring machine ping6 it,
there will be packet loss. If it act as a router for ipv6,
2006 Jan 26
7
strange problem with ipfw and rc.conf
..."
firewall_quiet="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
mpd_enable="YES"
also my customized kernel (partial):
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_FORWARD...