Displaying 20 results from an estimated 23 matches for "pfctl".
2006 Mar 15
0
build world failed on pflogd
list:
cvsuped and build world failed today on pflogd.
cc -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes
-Wno-uninitialized -Wstrict-prototypes
-I/usr/src/sbin/pfctl/../../contrib/pf/pfctl -DENABLE_ALTQ
-Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -c
/usr/src/sbin/pfctl/../../contrib/pf/pfctl/pfctl_radix.c
cc -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes
-Wno-uninitialized -Wstrict-prototypes
-I/usr/src/sbin/pfctl/../../contrib/...
2006 Mar 16
1
pf: synproxy broken
...er:
this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006
pf.conf just with single rule
pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state
result
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
and it hangs
pfctl -s rules -v
No ALTQ support in kernel
ALTQ related functions disabled
pass in quick on lo0 proto tcp from any to any port = ssh flags S/SA synproxy state
[ Evaluations: 966392 Packets: 0 Bytes: 0 States: 1 ]
pfctl -s state
No ALTQ support in kernel
ALTQ related functio...
2008 Jul 24
0
cvs commit: src/contrib/pf/pfctl parse.y src/lib/libc/sys Symbol.map getsockopt.2 src/sbin/ipfw ipfw.8 ipfw2.c src/sys/conf NOTES options src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c src/sys/contrib/pf/net pf.c pf_ioctl.c src/sys/kern init_sysent.c
...RELENG_7! Are there
any performance penalties that you know of with this built in ?
---Mike
At 09:13 PM 7/23/2008, Julian Elischer wrote:
>julian 2008-07-24 01:13:22 UTC
>
> FreeBSD src repository
>
> Modified files: (Branch: RELENG_7)
> contrib/pf/pfctl parse.y
> lib/libc/sys Symbol.map getsockopt.2
> sbin/ipfw ipfw.8 ipfw2.c
> sys/conf NOTES options
> sys/contrib/ipfilter/netinet ip_fil_freebsd.c
> sys/contrib/pf/net pf.c pf_ioctl.c
> sys/kern init_sysent.c...
2020 Apr 01
5
Can't block intrusion
On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com> wrote:
>
> I think you need to use tcpdump and turn up firewall debugging.
sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
Mark
2013 Sep 03
1
stopping dictionary attacks (pop3)
Hi Guys,
I was really hoping a couple of years later this would be addressed...
I'm running Dovecot 2.2.5 on FreeBSD.
Is there any way to limit the number of auth attempts allowed in a
single session? The reason for this is because I have "fail2ban" set up
to firewall out any IP addresses that repeatedly auth fails. The issue
occurs when the connection is already in an
2003 Sep 08
0
Real solution for OpenBSD masq firewall w/udp connections
...ncloc_ip port = 655 to $tincrem_ip
-> \
($ext_if) port 655
# <insert "general" NAT rule here like...>
# example:
# nat on $ext_if from 10.3.4.0/24 to any -> ($ext_if)
# <insert rest of NAT rules ...>
# <insert packet filter rules ...>
Note: I had to do a "pfctl -F all -f /etc/pf.conf" (as opposed to pfctl
-F nat -F rules -f /etc/pf.conf) since I had an rdr rule that was
mucking up the state. You may not have to do that too if you had a NAT
rule that dealt with port 655.
Hope this is useful to somebody. Guus: this might make a good example
for the...
2020 Apr 01
2
Can't block intrusion
...firewall rule that is somehow
> accepting packets from new tcp or udp packets as matching an old
> connection state object. I would check for the new attempts as coming
> from something that matches the original "connection", even if UDP.
Here is the first four lines from "pfctl -sr":
pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state
block drop in log quick on bge0 from <ENEMIES> to any
block drop in log quick on bge0 from <AUTOBLOCK> to any
block drop out log quick on bge0 from any to <AUTOBLOCK>
Unless pf is broken I can'...
2020 Apr 02
2
Can't block intrusion
...ng to get through.
>
> Since I started looking at this closer I did find that only some
> connections have this problem. Most get blocked as soon as the IP is
> passed to the AUTOBLOCK table.
I suspect you have a good understanding of pf.
Have you included in your script running 'pfctl -k <ip_address>' to kill
any states that may exist after you update your <AUTOBLOCK> table?
In pf, like IP Filter, the last matching rule wins.
What can't be determined from the information provided is whether any
connections that have been established from networks you hav...
2020 Apr 01
2
Can't block intrusion
...and then
restart it. Obviously not a good option on a production switch.
The other way is to null route the IP. That stops it cold. That's
better but it needs me to manually intervene. However, it does make it
clear that the IP address is not being faked somehow.
I also tried doing "pfctl -k 45.143.220.235" but that says that no
connections were dropped. It looks like pf is convinced that the
connection is gone.
So, can anyone suggest why the attack keeps happening?
--
D'Arcy J.M. Cain
Vybe Networks Inc.
A unit of Excelsior Solutions Corporation - Propelling Business Fo...
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes:
> Here is the first four lines from "pfctl -sr":
>
> pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state
> block drop in log quick on bge0 from <ENEMIES> to any
> block drop in log quick on bge0 from <AUTOBLOCK> to any
> block drop out log quick on bge0 from any to <AUTOBLOCK>
agree...
2020 Apr 01
0
Can't block intrusion
...up firewall debugging.
>
> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
>
> Mark
Or the stateful entry still exists when the table entry is updated.
Does your script also issue a command to kill existing states from that
host after it has updated the table, e.g. pfctl -k 45.143.220.235
Larry.
2020 Apr 02
0
Can't block intrusion
On 2020-04-02 08:01, Larry Moore wrote:
> I suspect you have a good understanding of pf.
Pretty good I think. As with everything I am always willing to learn more.
> Have you included in your script running 'pfctl -k <ip_address>' to kill
> any states that may exist after you update your <AUTOBLOCK> table?
I haven't yet because I want to watch the effect of doing it. When I
see the problem happening I run that manually and watch to see if it
stops the attack in its tracks or if I st...
2005 Oct 25
1
pf and short packets
...0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}...
The rule for this packet is not a "log" one, but the sign (short) is
what I cannot understand. The only place I have found this word is in
man pflogd (reason why this packet appears in this log)
When I'm disabling pf by pfctl -d everything works just fine and I can
get my ip accounting.
Best regards,
Anton Nikiforov
2004 Nov 20
7
Importing into rc.firewall rules
I have a grown list of IPs that I am "deny ip from ###.### to any".
Infected machines, hackers, etc..
Is there a way to have this list outside of rc.firewall and just read it
in?
2005 Dec 19
7
Brute Force Detection + Advanced Firewall Policy
Any BFD/AFP software available for FreeBSD 4.10?
I'm getting flooded with ssh and ftp attempts.
2005 Apr 29
6
IPFW disconnections and resets
Hi,
I am using IPFW on FreeBSD 4.11
I am facing two problems:
- SSH sessions timeout after a while
- When I run "/sbin/ipfw -q -f flush" in the rules script all connections
get reset (and I am thrown out of the box).
Is this standard functioning of ipfw or do I need to change any
configuration?
Thanks,
Siddhartha
2004 Nov 30
1
FreeBSD bridge + filtering, BIG problem
Hi,
I'm afraid I have found a FreeBSD 5X security issue.
We have recently upgraded one gateway from 4.10 to 5.3... Following network
used:
[ISP]--xl1--[FW01]-----xl0--em0--[SR01]
|
|--fxp0--em0--[SR02]
On fw01, we have one jail.
So fw01 is configured as a bridge on xl1,xl0,fxp0. Services work (before
and after upgrade).
On 4.10, we used
2009 Sep 30
1
Update on protection against slowloris
Hi list!
We tested mod_antiloris 0.4 and found it quite efficient, but before
putting it in production, we would like to hear some feedback from
freebsd users. We are using Apache 2.2.x on Freebsd 6.2 and 7.2. Is
anyone using it? Do you have any other way to patch against Slowloris
other than putting a proxy in front or using the HTTP accept filter?
Thanks for your feedback,
Martin
2004 Dec 10
2
need some advice on connections logs
Hello-
What is the best way to deal with getting logs for someone attacking my
box? I am not really sure, but I think it may involve tcpdump. Is
there any way to implement this so that it can be running before an
attack happens?.....see the problem is, that I do not have physical
access to the box and if it is taken down (inaccessible by remote means),
I cannot log in to start a dump. What
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If