similar to: Fw-up: Re: periodic/security/550.ipfwlimit - diff for RELENG-5]

Displaying 20 results from an estimated 200 matches similar to: "Fw-up: Re: periodic/security/550.ipfwlimit - diff for RELENG-5]"

2005 Feb 22
1
periodic/security/550.ipfwlimit
550.ipfwlimit check in /etc/periodic/security takes into account only global/default verbosity limit and does not account for a specific logging limit set for a particular rule e.g.: $ ipfw -a l | fgrep log 65000 *521* 41764 deny log logamount *1000* ip from any to any $ sysctl -n net.inet.ip.fw.verbose_limit *100* From security run output: ipfw log limit reached: 65000 519
2007 Dec 24
0
Fwd: Re: IPFW: Blocking me out. How to debug?
>Date: Sun, 23 Dec 2007 06:04:02 -0800 (PST) >From: Nash Nipples <trashy_bumper@yahoo.com> >To: freebsd-security@freebsd.org >Subject: Re: IPFW: Blocking me out. How to debug? > >Dear W.D. > >oh come on. i have the same problem. Which problem are we talking about? cut and paste problem. >cut and paste logic: > >#!/bin/sh >#1. count packets >#2.
2005 Nov 22
2
ipfw check-state issue
heya i've been using freebsd's ipfw for quite a while and recently on a new server i've got this issue with ipfw that i can't understand ... something is wrong ... 01000 8042 1947866 allow ip from any to any via fxp0 01010 0 0 allow ip from any to any via lo0 01014 9886 4170269 divert 8668 ip from any to any in via vr0 01015 0 0 check-state 01130 14679 5695969 skipto 1800 ip from
2008 Dec 04
1
rc.firewall: default loopback rules are set up even for custom file
I've just realized that I see in releng/7 something that I did not see in releng/6 - even if I use a file with custom rules in firewall_type I still get default loopback rules installed. I think that this is not correct, I am using custom rules exactly because I want to control *everything* (e.g. all deny rules come with log logamount xxx). -- Andriy Gapon
2004 Feb 11
1
Kernel log output meaning
Hello security, This output I've received from conventional cron daily job: [...] gw.nbh.ru kernel log messages: > Limiting closed port RST response from 201 to 200 packets per second [...] where fxp0 is an external interface. What could involve such messages? In /var/log/messages the above strings were prepended by string: Feb 10 13:24:29 gw /kernel: ipfw: limit 100 reached on entry
2004 Jul 28
3
Ipfw config
If someone has some free time, can you go over my ipfw config. See if I have any problems, or things I should add. I'm not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway I would like to set it up to transparently pass IPSec packets -- I have an IPSec VPN client running on another machine, connecting to a remote network. Is there a way to do this? I can't find any hints in the man pages.
2007 Dec 20
1
IPFW: Blocking me out. How to debug?
Dear W.D. Do you understand that by adding the rules into kernel space numbered from zero to sixty five thousand five hundred thirty four you may alter the behavior of the rule number sixty five thousand five hundred thirty five can you please define and list the goals you are trying to achieve by altering default rule in the terms you can both explain and understand. ----- Original Message
1997 Apr 22
0
2.2-970422-RELENG on ftp.freebsd.org (and about SNAP CDs..)
As many of you probably already know, a "SNAP" release is built once per day on the RELENG_2_2 branch (where 2.2.1 came from and from where future 2.2.x releases will be derived) and put up for anonymous FTP at: ftp://releng22.freebsd.org/pub/FreeBSD Since this site isn't always the easiest to get to or mirror, I will also periodically copy "known good" release snapshots
2004 Nov 15
1
[Bug 914] [RELENG] Bugs planned to be fixed *after* 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=914 Bug 914 depends on bug 712, which changed state. Bug 712 Summary: ssh does not properly utilize OS specified authentication methods on AIX http://bugzilla.mindrot.org/show_bug.cgi?id=712 What |Old Value |New Value ----------------------------------------------------------------------------
2005 Mar 29
4
[Bug 994] [RELENG] Bugs planned to be fixed for the 4.1 release
http://bugzilla.mindrot.org/show_bug.cgi?id=994 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn|396, 859 | Status|NEW |ASSIGNED Summary|[RELENG] Bugs planned to be |[RELENG] Bugs planned to be
2005 May 28
0
[Bug 1047] [RELENG] Bugs planned to be fixed for the release after 4.1
http://bugzilla.mindrot.org/show_bug.cgi?id=1047 Summary: [RELENG] Bugs planned to be fixed for the release after 4.1 Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo:
2006 Oct 27
1
[Bug 822] [RELENG] Bugs planned to be fixed for 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=822 Bug 822 depends on bug 463, which changed state. Bug 463 Summary: PrintLastLog doesn't work in privsep mode http://bugzilla.mindrot.org/show_bug.cgi?id=463 What |Old Value |New Value ---------------------------------------------------------------------------- Resolution|FIXED |
2003 Aug 12
2
4.5 RELENG broken with recent patches
Got a few servers still on 4.5. /etc/make.conf contains NOPROFILE= true # Avoid compiling profiled libraries make buildworld runs fine, but buildkernel gives cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/../include
2007 Dec 13
3
IPFW compiled in kernel: Where is it reading the config?
Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:
2004 Aug 17
12
[Bug 914] [RELENG] Bugs planned to be fixed *after* 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=914 Summary: [RELENG] Bugs planned to be fixed *after* 3.9 Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org
2005 Jan 11
11
[Bug 914] [RELENG] Bugs planned to be fixed *after* 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=914 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |971 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2004 Jun 25
11
[Bug 822] [RELENG] Bugs planned to be fixed for 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=822 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |884 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2004 Mar 30
13
[Bug 822] [RELENG] Bugs planned to be fixed for 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=822 Summary: [RELENG] Bugs planned to be fixed for 3.9 Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy:
2007 Aug 30
0
Job Openings at Collaborative Fusion
Collaborative Fusion has a number of positions we're hoping to fill in the near future. Specifically, there is an opening in the systems group. My understanding is that we're looking for an entry-level sysadmin who would help manage our growing network of FreeBSD servers. Locality to Pittsburgh, PA is a plus, but I've a feeling we could make allowances for the right person (can't