similar to: IPFW disconnections and resets

Hi, This is the first time I've come across this: pid 11415 (ipfw), uid 0: exited on signal 11 (core dumped) The core dump landed in root's home directory in one of my jails. Has anyone seen this before? Should I be concerned? chkrootkit says nothing. (How trustworthy is its output? ;-) Thanks. Cheers. -- Ng Pheng Siong <ngps@netmemetic.com> http://firewall.rulemaker.net

I've been using ipfw for a while to create a router with NAT and packet filtering, but have never combined it with stateful filtering, instead using things like "established" to accept incoming TCP packets which are part of a conversation initiated from the "inside". I'd like to move to using keep-state/check-state to get tighter filtering and also to allow outgoing

Hi all, I'm just setup a new freebsd to be a ftp server. ftp-ing from localhost was success, but when i was trying to ftp from other ip, got result "Connection closed by remote host." Kernel already configure with firewall (with options FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already contain "firewall_type=open". What could be the problem? I can seem to solve this

Hi, in the kernel I have these lines: [...] device miibus # MII bus support device rl device ed options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity options IPDIVERT #divert sockets options DUMMYNET

Hi, Two quick questions that I can't seem to find answers for using google. 1) is is possible to listen outside an ipfw firewall - that is have ethereal record the packets before ipfw starts dropping them? If so how? 2) Is there an api to ipfw that will let me manipulate rules, query stats etc? I need something faster than running the command line binary? Thanks John

Hi, I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel. I am trying to add port number to ipfw tables. But there is something strange : Problem is easily repeatable. #ipfw table 1 flush #ipfw table 1 add 4899 #ipfw table 1 list ::/0 0 #ipfw table 1 flush #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as prefix ) #ipfw table 1 list ::/0 0 #ipfw table 1 delete ::/0

hi - this is my first post to this list so go easy on me ! I am trying to find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports MAC address based firewalling. Situation is, I have a small externally managed VPN network, about 12 different subnets all terminating in my office location, and all managed by a tier 1 telco. Problem is, their CPE routers do not have any firewalling

Dear All. I want to use 'not' for 2 addresses (for both) in ipfw2 rule. The only way that looks like what I need is # ipfw add count from IP1 to not IP2,IP3 But does this rule indeed makes what I want? Does it count all packets destined to addresses other then IP2 AND IP3?! No other syntax works. For example more logically correct not IP2 AND not IP3 or even not { IP2 or IP3 } are

Hi, Is it possible to integrate SNORT with IPFW. I have an entire network behind an IPFW BRIDGE. Just need IDS capability enabled for the network. Just an hint is enough. Any other way I can achieve this in IPFW. -Sunil Sunder Raj

Hi, I have a system with a 4.11 Kernel. Unless I'm doing something very wrong, there seems to be something odd with ipfw. Take the following rules: ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep- state ipfw add 00299 deny log all from any to any out via bge0 ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2 ipfw add 00499 deny log

Hi. On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all: - IPFW - traffic accounting, shaping, balancing and filtering; - IPFilter - policy routing; - IPNAT - masquerading. I want to know, how IP-packets flow through all of this components? What's the path? incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ? outgoing: IPFW Layer2 ->

Hi all: Did any one use ipfw with CARP before? is there anything specific about ipfw configurations working with CARP? I have two servers and they configured with CARP. they are working fine except i can't turn on ipfw. I have the exact same configuration except ip addresses; those same rule sets of ipfw work on one server but not on another. Thanks all

Hi all: I have strange probelm with rc.conf. I set up ipfw (compiled into kernel) on freebsd-5.4 and it doesn't seem to load ipfw rulesets (it uses default ruleset 65335 locking out everything). I have to do "sh /etc/ipfw.rules" in order to load the rulesets, once I did that, I can access the box from remote locations here is my rc.conf: host# more /etc/rc.conf

I am trying to limit outgoing SMTP traffic to about 14 Mbps and these are the IPFW rules I am using. ${fwcmd} add pipe 1 tcp from 192.168.0.0/24 to any 25 out via dc0 ${fwcmd} pipe 1 config bw 14Mbit/s I've tried multiple tweaks to the pipe rule and I seem to be missing something. I only get about half the bandwidth I specify. Is this normal behavior? Is there something wrong

>> 3. I'm intrested in blocking kazaa/P2P trafic with IPFW any help in this issue you could possibly block connections at known p2p ports. deny tcp from any to any 6699 step but most of the newer protocols use dynamic ports and in turn, are configurable. so ipfw isn't exactly ideal on it's own for this. -r. -----Original Message----- From: Pons [mailto:pons@gmx.li] Sent:

Ok, I am really stumped on this one. I setup ipfw with all my rules. Everything works great except for dns. If I do nslookup I get -su-2.05b# nslookup yahoo.com Server: localhost.webspacesolutions.com Address: 127.0.0.1 *** localhost.webspacesolutions.com can't find yahoo.com: Non-existent host/domain This is what I have in my ipfw.rules add 00310 allow tcp from any to any 53 out via

-- On Friday, November 21, 2003 12:48 PM -0800 "David Wolfskill - david@catwhisker.org" <+freebsd-security+openmacnews+0459602105.david#catwhisker.org@spamgourmet.com> wrote: David, thanks for your reply! >> i've been struggling with setting appropriate rules for an SMTP-server >> behind by NAT'd firewall. > > OK.... <snip> > >>

Hello folks, I'm trying to set up a ruleset that limits every user to X tcp connections, since I have 300 active users on each server. I've been trying to work it out with the ipfw limit but I really don't know how effective it is. For example: ipfw -q add 15 allow tcp from me to any 80 limit dst-port X keep-state out setup Will this limit the whole machine to X

Hello, I've found myself in a situation where a simple data inspection capability added to ipfw would be very useful. I'm not thinking about anything especially sophisticated, but what about adding an option to check byte values (or flags, similar to tcpdump)? An example rule could be: add deny udp from any to me 12345 udp[4]&234 being the rule true if byte 4 in the UDP

Hi, I think this is worth a note. It was generally said the decision between deny and reject (aka unreach) could be taken lightly - and most people seem to prefer "deny", which complicates things for an attacker, because packets just vanish without any report and tasks timeout. But from my viewpoint, this argument falls into the category "security by obscurity", and I found