search for: ipfirewall

Displaying 20 results from an estimated 33 matches for "ipfirewall".

2005 Jan 13
1
Listening outside ipfw / program interface to ipfw
Hi, Two quick questions that I can't seem to find answers for using google. 1) is it possible to listen outside an ipfw firewall - that is have ethereal record the packets before ipfw starts dropping them? If so how? 2) Is there an api to ipfw that will let me manipulate rules, query stats etc? I need something faster than running the command line binary? Thanks John
2004 Feb 07
0
Re: IPFIREWALL
...for helping newcomers on the hackerscene -----Original message----- From: freebsd-security-bounces@lists.elvandar.org [mailto:freebsd-security-bounces@lists.elvandar.org] On behalf of Spades Sent: Saturday 7 February 2004 7:29 To: freebsd-security@freebsd.org Subject: [Freebsd-security] Re: IPFIREWALL Heya, lately my freebsd connection is being slow'd down after it got ddos by some kiddies, and i got this feeling it is still being packetted by in small amt cos i can feel a constant lag. i have ipfw running and denied all icmp Any idea how i can secure my box against all ddos and prevent...
2003 May 24
1
ipfirewall(4)) cannot be changed
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted. root@vigilante /root cuaa1# sysctl -a |grep secure kern.securelevel: 3 root@vigilante /root cuaa1# ipfw show 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 12...
2005 Feb 03
1
need ipfw clarification
...ased forwarding disabled, default to accept, logging limited to 5 packets/entry by default On 5.2.1, I used to get this: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging disabled If both cases, I am adding this to my KERNEL config: options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT It seems that the major difference between 5.2.1 and 5.3 is that now rule-based forwarding is disabled. Is this correct? And what exactly is rule-based forwarding? I'm guessing that it doesn't really apply to my situation, as in these cases,...
2003 Nov 01
2
ipfw2 logging
Dear list! I have a little problem, trying to enable logging of deny rule. I have enabled it via kernel: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=3 It is ipfw2. After that, my intention was to use syslogd and !ipfw *.* /var/log/ipfw.log and newsyslog with /var/log/ipfw.log 600 3 100 * J In rc.conf I have firewall_enable="YES" firewall_logging="YES"...
2003 Apr 08
7
4.8-STABLE Kernel Panic with dummynet options.
I first met this problem when our (60 students) internetgateway refused to boot its new kernel, it was a 4.7-RELEASE. Then i loaded the old kernel and went home to check if my 4.8-STABLE does likewise. And the answer was yes! Both kernels were GENERIC + these options taken from the dummynet man pages: options DUMMYNET options NMBCLUSTERS options HZ When i boot the machine
2003 Sep 15
5
strange problem with: ed driver / 4.9-PRE
Hi, in the kernel I have these lines: [...] device miibus # MII bus support device rl device ed options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity options IPDIVERT #divert sockets options DUMMYNET options IPFW2 [...] When the box starts it complain...
2004 Feb 06
2
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Hey Guys, today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default accept in my kernel config file. Config & make weren't complaining so, installed the kernel, reboot and there it was: >IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled Another rebuild didn't work out so......
2005 Nov 22
2
ipfw check-state issue
...network card cause it ain't so! another thing ... if i insert pipes for traffic shaping ... the outgoing packets are inserted into the input pipes ... but not into the outgoing pipes .... why ? i am missing somethin' .... what ? kernel compiled with these additional options .... options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=10 options IPFIREWALL_FORWARD options DUMMYNET options HZ=1000 options IPDIVERT enlightenment please .... thanks ... bye bye
2004 Mar 03
2
tripwire port broken?
Dear list! I've tried to compile tripwire-2.3.1-2 port on my 5.2 release. Two different tarballs have failed with message, that port was broken, all in one sentence. No any details. Well! Makefile has something like: .if ${OSVERSION} >= 500000 BROKEN= "Fails to build inder 5.X" .endif One more: USE_GMAKE= yes Has someone compiled it successfully? Is it for a good
2004 Apr 15
2
Policy routing with IPFW
Hi There, I've been having an issue trying to figure out a way to policy route outbound packets from a multihomed machine through the proper interface using IPFW to no avail. I've tried several different incantations of IPFW fwd/forward statements, and none of them seem to do the trick. Basically, I have a host that has multiple Internet connections. This host is running FreeBSD 4.9
2003 Jul 01
1
tcp 22 > tcp 22
Hi, I spotted today following line at my FreeBSD 4.6.2-RELEASE IPFIREWALL log: Jul 1 13:34:35 fbsd /kernel: ipfw: 1400 Accept TCP xxxxxx:22 yyyyy:22 in via ed1 where xxxxxx is the attacker's IP and yyyyy is my box. But in sshd log, there are no traces left behind by this connection. Normally, there is "Did not receive identification string from xxx" et...
2004 Feb 13
3
SYN Attacks - how i cant stop it
...al solution is more 'pipe' a.k.a the > Microsoft-solution. > So far I've only been guessing, but here is what I normally do with my > setup. I'm not telling you that this is the solution! just advice! > > Kernel; > options SC_DISABLE_REBOOT > options IPFIREWALL > options IPFIREWALL_VERBOSE > options IPFIREWALL_VERBOSE_LIMIT=100 > options IPDIVERT > options IPFILTER > options IPFILTER_LOG > options IPSTEALTH (don't touch the ttl/can't see the wall) > options TCP_DROP_SYNFIN (drop tcp packe...
2003 Aug 03
0
Multiple kld loads?
...nce 2.2 on this same hardware and this has never happened before. I see this was reported on 7/25/03 but, no follow-up: http://lists.freebsd.org/mailman/htdig/freebsd-stable/2003-July/002329.html Thanks. kernel is GENERIC plus the following: ------------------------------------- options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE_LIMIT=100 options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT options HZ=1000 options DUMMYNET Dmesg follows: -------------------------------------- bwm# dmesg...
2003 Apr 29
0
Kernel Panic in 4.8-STABLE
...m scared to play around with anything that might cause a reboot as I can't afford this box to have downtime of ~8 - 12hrs (it's a remote machine). If additional information is required, please let me know. The file that the kernel is generated from is a pretty generic copy of GENERIC with IPFIREWALL compiled in. Any help would be appreciated. Thanks, Brad -- panic note from /var/log/messages -- Apr 24 22:13:50 tsunami /kernel: Apr 24 22:13:50 tsunami /kernel: Apr 24 22:13:50 tsunami /kernel: Fatal trap 12: page fault while in kernel mode Apr 24 22:13:50 tsunami /kernel: fault virtual add...
2009 Apr 08
1
watchdog timeout
...# IPv6-to-IPv4 relaying (translation) # The `bpf' device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! # Note that 'bpf' is required for DHCP. device bpf # Berkeley packet filter # Firewall options IPFIREWALL # enable ipfirewall (required for dummynet) options IPFIREWALL_VERBOSE # enable firewall output logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=0 # limit firewall verbosity output options IPDIVERT # dive...
2003 Sep 06
0
Fatal Trap 12: page fault while in kernel mode on IBM x340 after Aug25CVS
...lem, or am I wrong? I also believe it is not a load issue as the load does not get much about 2 most of the time. The only special kernel config is that it's an SMP kernel and the following options are set: options NMBCLUSTERS=20000 options PMAP_SHPGPERPROC=600 options IPFIREWALL options DUMMYNET Below is a copy of the panic message I got from a serial console and below that is a dmesg from today. Fatal trap 12: page fault while in kernel mode mp_lock = 01000002; cpuid = 1; lapic.id = 00000000 fault virtual address = 0x13 fault code = supervisor rea...
2013 Nov 29
1
kernel "mismatch" on r256420
..._load_file: Unsupported file type This is from 'ls -l' of /boot drwxr-xr-x 2 root wheel 1.5K Nov 28 21:55 kernel/ This is from 'ls -l' of /bootpool/boot drwxr-xr-x 2 root wheel 1.5K Nov 28 21:55 kernel/ This is my kernel file: include GENERIC ident theEleven options AUDIT options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=15 options DUMMYNET This is from rc.conf: firewall_enable="YES" firewall_logging="YES" firewall_script="/etc/myScript" firewall_quiet="NO" firewall_logif="YES" firewall_nat_enable="N...
2010 Jul 19
1
packet loss on ixgbe using vlans and ipv6
Hi, I have a Dell T710 with 4 X 10G ethernet interfaces (2 X Dual port Intel 82599 cards). It is running FreeBSD RELENG_8 last updated on July 13. What I see is packet loss (0 - 40%) on IPv6 packets in vlans, when the machine is not the originator of the packets. Let me try to describe a little more. If a neighbouring machine ping6 it, there will be packet loss. If it acts as a router for ipv6,
2006 Jan 26
7
strange problem with ipfw and rc.conf
..." firewall_quiet="YES" ipfilter_enable="YES" ipfilter_rules="/etc/ipf.rules" ipmon_enable="YES" ipmon_flags="-Ds" mpd_enable="YES" also my customized kernel (partial): options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity #options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default options IPFIREWALL_FORWARD...