Displaying 20 results from an estimated 6000 matches similar to: "IPFW Problems"
2006 Apr 17
3
IPFW Problems?
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-
state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit
src-addr 2
ipfw add 00499 deny log
2008 Jul 24
0
cvs commit: src/contrib/pf/pfctl parse.y src/lib/libc/sys Symbol.map getsockopt.2 src/sbin/ipfw ipfw.8 ipfw2.c src/sys/conf NOTES options src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c src/sys/contrib/pf/net pf.c pf_ioctl.c src/sys/kern init_sysent.c
This looks like a very cool feature addition to RELENG_7! Are there
any performance penalties that you know of with this built in ?
---Mike
At 09:13 PM 7/23/2008, Julian Elischer wrote:
>julian 2008-07-24 01:13:22 UTC
>
> FreeBSD src repository
>
> Modified files: (Branch: RELENG_7)
> contrib/pf/pfctl parse.y
> lib/libc/sys
2004 Jul 28
3
Ipfw config
If someone has some free time, can you go over my ipfw config. See if I
have any problems, or things i should add. Im not an ipfw expert or
anything. Here is the config.
add 100 allow all from any to any via lo0
add 110 deny log all from any to 127.0.0.0/8
add 120 deny log ip from 127.0.0.0/8 to any
add 00200 check-state
add 00250 deny all from any to any frag in via bge0
add 00260 deny
2004 Feb 06
1
ipfw question
Dear All.
I want to use 'not' for 2 addresses (for both) in ipfw2 rule.
The only way that looks like what I need is
# ipfw add count from IP1 to not IP2,IP3
But does this rule indeed makes what I want? Does it count all
packets destined to addresses other then IP2 AND IP3?!
No other syntax works.
For example more logically correct
not IP2 AND not IP3
or even
not { IP2 or IP3 }
are
2008 Jul 29
3
ipfw "bug" - recv any = not recv any
I hesitate to call this a "bug" as I don't know all the history behind
the ipfw2 decisions, so let me toss this out there and see I'm just
missing something.
Overview
========
The negated operator, "not recv any" was taken to mean "any packet never
received by an interface" believed to be equivalent to "any packet that
originated on the current
2003 Apr 10
0
panic: vinvalbuf: flush failed
Hi,
We have a pretty serious problem with our news server crashing
during the expire cronjob. This happened with 4.7-RELEASE, so
we upgraded to 4.8-RELEASE recently, hoping that the problem
might be fixed, but it isn't. The machine is a Compaq DL360-G2.
I've searched the PR database as well as the mailing list
archives for the panic string, but didn't find anything.
What makes the
2003 Jul 19
0
[PATCH] ipfw2 fails with 'bad command' error
>Submitter-Id: current-users
>Originator: Andy Gilligan
>Confidential: no
>Synopsis: [PATCH] ipfw2 fails with 'bad command' error
>Severity: serious
>Priority: high
>Category: bin
>Class: sw-bug
>Release: FreeBSD 4.8-STABLE i386
>Environment:
System: FreeBSD vega 4.8-STABLE FreeBSD 4.8-STABLE #13: Sun Jul 20 01:01:07 BST 2003
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how IP-packets flow through all of this components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2005 Feb 03
1
need ipfw clarification
Hello,
I noticed that after enabling firewall in my kernel (5.3-release), my
dmesg now gives me this:
ipfw2 initialized, divert disabled, rule-based forwarding disabled,
default to accept, logging limited to 5 packets/entry by default
On 5.2.1, I used to get this:
ipfw2 initialized, divert disabled, rule-based forwarding enabled,
default to accept, logging disabled
If both cases, I am
2003 Nov 01
2
ipfw2 logging
Dear list!
I have a little problem, trying
to enable logging of deny rule.
I have enabled it via kernel:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=3
It is ipfw2. After that, my inten-
tion was to use syslogd and
!ipfw
*.* /var/log/ipfw.log
and newsyslog with
/var/log/ipfw.log 600 3 100 * J
In rc.conf I have
firewall_enable="YES"
2004 Sep 07
1
ipfw2 in 5.2.1
hi - this is my first post to this list so go easy on me ! I am trying to find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports MAC address based firewalling. Situation is, I have a small externally managed VPN network, about 12 different subnets all terminating in my office location, and all managed by a tier 1 telco. Problem is, their CPE routers do not have any firewalling
2005 Jan 13
1
Listening outside ipfw / program interface to ipfw
Hi,
Two quick questions that I can't seem to find answers for using google.
1) is is possible to listen outside an ipfw firewall - that is have
ethereal record the packets before ipfw starts dropping them? If so how?
2) Is there an api to ipfw that will let me manipulate rules, query
stats etc? I need something faster than running the command line binary?
Thanks
John
2013 Nov 19
3
ipfw table add problem
Hi,
I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
I am trying to add port number to ipfw tables. But there is something
strange :
Problem is easily repeatable.
#ipfw table 1 flush
#ipfw table 1 add 4899
#ipfw table 1 list
::/0 0
#ipfw table 1 flush
#ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
prefix )
#ipfw table 1 list
::/0 0
#ipfw table 1 delete ::/0
2005 Apr 29
6
IPFW disconnections and resets
Hi,
I am using IPFW on FreeBSD 4.11
I am facing two problems:
- SSH sessions timeout after a while
- When I run "/sbin/ipfw -q -f flush" in the rules script all connection
get reset (and I am thrown out of the box).
Is this standard functioning of ipfw or do I need to change any
configuration?
Thanks,
Siddhartha
how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
2003 Nov 21
1
how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
-- On Friday, November 21, 2003 12:48 PM -0800 "David Wolfskill - david@catwhisker.org"
<+freebsd-security+openmacnews+0459602105.david#catwhisker.org@spamgourmet.com> wrote:
David,
thanks for your reply!
>> i've been struggling with setting appropriate rules for an SMTP-server
>> behind by NAT'd firewall.
>
> OK....
<snip>
>
>>
2005 Jun 29
0
FreeBSD Security Advisory FreeBSD-SA-05:13.ipfw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:13.ipfw Security Advisory
The FreeBSD Project
Topic: ipfw packet matching errors with address tables
Category: core
Module: netinet
2005 Jun 29
0
FreeBSD Security Advisory FreeBSD-SA-05:13.ipfw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:13.ipfw Security Advisory
The FreeBSD Project
Topic: ipfw packet matching errors with address tables
Category: core
Module: netinet
2005 May 13
2
Equal bandwidth for any client (i.e. automatic class generation)
Hello,
I''m looking how (if) can I solve the following problem using HTB and iproute2:
I need to assing the same bandwidth limit to every client, but the problem is that clients will be random - i.e. I know niether number of clients no IP or MAC addresses.
If anybody knows FreeBSD''s ipfw2 - I''m looking for something like "ipfw pipe 150 config mask dst-ip 0xffffffff
2003 Nov 21
0
how to get IPFW rules for SMTP server behind NAT server "right"?
hi all,
i've been struggling with setting appropriate rules for an SMTP-server
behind by NAT'd firewall.
it's not that there is too little info on the web -- or here, for that
matter -- there's scads of it for seemingly endless configs/req'ts --
none that seem to be exactly my own.
bottom line: i'm a bit confused, and looking for some experienced
advice.
my goals (for
2006 Jan 11
0
FreeBSD Security Advisory FreeBSD-SA-06:04.ipfw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:04.ipfw Security Advisory
The FreeBSD Project
Topic: ipfw IP fragment denial of service
Category: core
Module: ipfw
Announced: