Displaying 20 results from an estimated 1000 matches similar to: "Controlling access at the Ethernet level"
2004 Apr 05
4
Q: Controlling access at the Ethernet level
Hi Adrian,
Sunday, April 4, 2004, 10:22:33 PM, you wrote:
AP> We have thought about using static MAC entries per port on managed
AP> switches installed at the client endpoints, but that would require a
AP> overwhelming budget. We are also thinking about L2TP and PPPoE, but I
AP> am uncertain about compatibility.
AP> What would you recommend ? Are there any other elegant
2006 Apr 17
3
IPFW Problems?
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
ipfw add 00499 deny log
2004 Sep 07
1
ipfw2 in 5.2.1
hi - this is my first post to this list so go easy on me ! I am trying to find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports MAC address based firewalling. Situation is, I have a small externally managed VPN network, about 12 different subnets all terminating in my office location, and all managed by a tier 1 telco. Problem is, their CPE routers do not have any firewalling
2003 Oct 26
3
Best way to filter "Nachi pings"?
We're being ping-flooded by the Nachi worm, which probes subnets for
systems to attack by sending 92-byte ping packets. Unfortunately,
IPFW doesn't seem to have the ability to filter packets by length.
Assuming that I stick with IPFW, what's the best way to stem the
tide?
--Brett Glass
2005 Feb 03
1
need ipfw clarification
Hello,
I noticed that after enabling firewall in my kernel (5.3-release), my
dmesg now gives me this:
ipfw2 initialized, divert disabled, rule-based forwarding disabled,
default to accept, logging limited to 5 packets/entry by default
On 5.2.1, I used to get this:
ipfw2 initialized, divert disabled, rule-based forwarding enabled,
default to accept, logging disabled
In both cases, I am
2003 Dec 23
2
address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????
The man page gives this example, however, when I attempt to use it, it seems
to block the whole set?
Could someone tell me what's going wrong here please. Thanks heaps..
This works,
${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}
This blocks the whole IP block, not just the list?
${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-19
2006 Aug 11
1
Ports/source dance
Hi,
On 8/10/06, Mark Bucciarelli <mark@gaiahost.coop> wrote:
>
>
> There's a scary security alert from yesterday out and no port
> update so I judged it to be isp-related. I looked for
> ports-security list but didn't see one.
>
>
You know, that might be a very good idea -- e.g. have a security team and
list for ports as we have one for the base distribution.
2004 Jan 09
1
Problem with DNS (UDP) queries
Hi all
I am trying to get rid of strings:
kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
on my console and in log file
I understand that those are replies to DNS queries that for some reason
took too long to be answered.
I do not want to turn off the "log in vain" feature.
As these strings fill up my log I am afraid to miss some sensitive
messages (e.g.
2003 Sep 24
3
FreeBSD Security Advisory FreeBSD-SA-03:14.arp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:14.arp Security Advisory
The FreeBSD Project
Topic: denial of service due to ARP resource starvation
Category: core
Module: sys
Announced:
2003 Nov 01
2
ipfw2 logging
Dear list!
I have a little problem, trying
to enable logging of deny rule.
I have enabled it via kernel:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=3
It is ipfw2. After that, my intention was to use syslogd and
!ipfw
*.* /var/log/ipfw.log
and newsyslog with
/var/log/ipfw.log 600 3 100 * J
In rc.conf I have
firewall_enable="YES"
2004 Feb 06
1
ipfw question
Dear All.
I want to use 'not' for 2 addresses (for both) in ipfw2 rule.
The only way that looks like what I need is
# ipfw add count from IP1 to not IP2,IP3
But does this rule indeed do what I want? Does it count all
packets destined to addresses other than IP2 AND IP3?!
No other syntax works.
For example more logically correct
not IP2 AND not IP3
or even
not { IP2 or IP3 }
are
2003 May 24
1
ipfirewall(4)) cannot be changed
root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow
2008 Dec 02
3
ipfw2.c,v 1.76.2.17
Hi.
Since this revision (appeared in 6.3) I think ipfw violates POLA.
I mean "ipfw table N list" shows values of table in Internet '.' notation.
A friend of mine was surprised to find the Internet representation
of this "optional 32-bit unsigned value".
For example security/bruteblock stores unix timestamps here
and AFAICS there is no possibility to come back to the
2003 Sep 15
5
strange problem with: ed driver / 4.9-PRE
Hi,
in the kernel I have these lines:
[...]
device miibus # MII bus support
device rl
device ed
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity
options IPDIVERT #divert sockets
options DUMMYNET
2005 May 13
2
Equal bandwidth for any client (i.e. automatic class generation)
Hello,
I'm looking at how (and whether) I can solve the following problem using HTB and iproute2:
I need to assign the same bandwidth limit to every client, but the problem is that clients will be random - i.e. I know neither the number of clients nor their IP or MAC addresses.
If anybody knows FreeBSD's ipfw2 - I'm looking for something like "ipfw pipe 150 config mask dst-ip 0xffffffff
2008 Jul 29
3
ipfw "bug" - recv any = not recv any
I hesitate to call this a "bug" as I don't know all the history behind
the ipfw2 decisions, so let me toss this out there and see if I'm just
missing something.
Overview
========
The negated operator, "not recv any" was taken to mean "any packet never
received by an interface" believed to be equivalent to "any packet that
originated on the current
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 I have configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know how IP packets flow through all of these components.
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2008 Mar 06
2
DDOS problem from Bangkok, Thailand
Dear Security team,
I'm Kamolpat Pornatiwiwat, Sys admin of DMaccess Co., Ltd. I've got a
problem: my FreeBSD 6.0 got DoS attacked. What should I do? At
present, I have decided to stop apache and leave only the mail feature
functioning. Any guide/recommendation/solution will be appreciated.
More detail about my server:
======================
FreeBSD 6.0
apache-1.3.34_4
php5-5.1.2_1
MySQL
2004 Aug 07
2
about nmap
Dear all!
Last evening I've noticed that my 5.2 box had a strange result from an nmap
search. One port is randomly open when I look from a user account. From root
everything looks as expected. The comp is most of the time off the internet.
The last thing was adding the "expect" package. I am not panicked, could be
hitting... Or something in the "expect" package... It is a random port from
53000 to
2003 Jun 12
1
Kernel Panic 12 since 4.8
Hello,
I'm having a lot of trouble installing FreeBSD 4.8. First I tried installing
4.8-Stable, but I got kernel panic 12. After that I tried installing
4.8-Release, but it still gave me kernel panic 12 (sometimes while almost
done booting, or shortly after a boot, while trying to cvsup the ports tree).
Also tried a few 4.7-Stable snapshots, but also had the same problem. It was
not until