Displaying 20 results from an estimated 2000 matches similar to: "ipfilter/ipfw + bridge + out checking"
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 I have configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how do IP packets flow through all of these components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2008 Jul 24
0
cvs commit: src/contrib/pf/pfctl parse.y src/lib/libc/sys Symbol.map getsockopt.2 src/sbin/ipfw ipfw.8 ipfw2.c src/sys/conf NOTES options src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c src/sys/contrib/pf/net pf.c pf_ioctl.c src/sys/kern init_sysent.c
This looks like a very cool feature addition to RELENG_7! Are there
any performance penalties that you know of with this built in ?
---Mike
At 09:13 PM 7/23/2008, Julian Elischer wrote:
>julian 2008-07-24 01:13:22 UTC
>
> FreeBSD src repository
>
> Modified files: (Branch: RELENG_7)
> contrib/pf/pfctl parse.y
> lib/libc/sys
2003 Jun 06
0
Request for documenting IPSec, NAT/divert, ipfw, ipfilter ... in kernel flow ?
Hi,
sorry for cross-mailing. Reply-to: set to freebsd-net.
I have seen some discussion on freebsd-security etc. about some parts
of the subject. I have seen older messages in archives.
Regularly the same questions seem to come up.
I have not found an all-including description of the answer to s.th.
like:
"Can anybody tell me the order packets get processed in kernel related
to IPSec,
2003 Jun 07
1
Impossible to IPfilter this?
Hi!
I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN
router.
My problem is with firewalling the VPN part. I'm using a tunnel to a
RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my
internal net (172.17.0.0/24) to that box only:
spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique;
spdadd $REDHAT/32 172.17.0.0/24
2006 Jan 26
7
strange problem with ipfw and rc.conf
Hi all:
I have a strange problem with rc.conf. I set up ipfw
(compiled into kernel) on freebsd-5.4 and it doesn't
seem to load ipfw rulesets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations
here is my rc.conf:
host# more /etc/rc.conf
2003 Jun 13
1
Gigabit Ethernet Security With Ipfilter
Hello all,
I want to learn about requirements if I want to protect
gigabit network with ipfilter as transparent firewall.
Which type of hardware is required to install FreeBSD + ipf
(as transparency). We use 3 gigabit ethernet to protection
which type of gigabit ethernet cards are powerful. Also,
what about the NMBCLUSTERS , IPSTATE_SIZE and IPSTATE_MAX in
ip_state.h.
I want to collect all
2009 Dec 16
0
dhclient and pf/ipf/ipfw
Hi all.
I recently turned net.inet.udp.log_in_vain on on some of my boxen and
have been seeing UDP connection attempts to port 67 on the local host.
This initially seemed odd, as the target ip address was indeed that of a
DHCP-configured interface and the source address was that of my DHCP
server. However, it turns out this is totally valid, as dhclient(8) does
not bind(2) on the bootpc port but
2003 May 30
2
IPFW logging brokeness?
I don't think I'm trying to do anything amazing, but IPFW's logging
features are giving me a real headache. I can't find much in the
archives either, but I find it hard to believe others haven't found this
too.
My rule:
add 100 allow log tcp from any to <my IP> <ports> limit src-addr 2
I want connecting parties to be able to form no more than 2 connections.
This
2004 Aug 10
2
Error With Kernel Module IPFILTER
I've found out from two different kernel configs
that after properly compiling kernel with IPFILTER support
it causes the system not to boot. It's hard to say what exactly it does, because it's not a local system.
2003 Aug 03
1
ipfw or ipf w/stateful behavior
Hi,
first I must tell you that my English is not the best,
I have learned my English from manpages and documentation.
Please excuse this.
I have set up a box w/FreeBSD 4.7-RELEASE for connecting
to the w3 through a DSL/ATM connection.
Now I know the stateful handling of firewall rules under Linux
with iptables. In the second I have understood that FreeBSD comes with the
netfilter-extensions.
2010 Jan 15
4
Bridging firewall with snv_125 and ipfilter
Has anyone gotten a transparent firewall working? I'm using snv_125 on an IBM x346 (snv_130
goes into endless boot loops on this hardware). I can create a working bridge with dladm, but
can't stop packets, even with "block in quick all". That stops packets on my management
interface bge0, but not on the bridge. :(
tim at ghost:~# ifconfig -a
lo0:
2003 Apr 11
2
Ipf headers not installed per default ?
Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11
14:34:37 EDT 2003
Using the latest Makefile for squid25:
# fgrep \$FreeBSD /usr/ports/www/squid/Makefile
# $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $
Modified with:
# fgrep CONFIGURE_ARGS Makefile |fgrep -v \#
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
2004 Feb 24
3
improve ipfw rules
>> 3. I'm interested in blocking kazaa/P2P traffic with IPFW any help in this
issue
you could possibly block connections at known p2p ports.
deny tcp from any to any 6699 step
but most of the newer protocols use dynamic ports and in turn, are
configurable.
so ipfw isn't exactly ideal on its own for this.
-r.
-----Original Message-----
From: Pons [mailto:pons@gmx.li]
Sent:
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there,
Is there some way to configure ipfw to do traffic
normalizing ("scrubbing", as in ipf for OpenBSD)? Is
there any tool to do it for FreeBSD firewalling?
I've heard that ipf was ported on current, anything
else?
TIA,
/Dorin.
2003 Aug 07
1
problems with ipfilter on 5.1-RELEASE
hi all
i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter
seems to be working fine. i just have a couple of issues that are
probably not very serious...
one thing is that during network startup at boot, i get the message
IPFilter: already initialized
repeated 4 times.
i think i have everything configured properly
my kernel config looks like
options IPFILTER
options
2005 Apr 29
6
IPFW disconnections and resets
Hi,
I am using IPFW on FreeBSD 4.11
I am facing two problems:
- SSH sessions timeout after a while
- When I run "/sbin/ipfw -q -f flush" in the rules script all connections
get reset (and I am thrown out of the box).
Is this standard functioning of ipfw or do I need to change any
configuration?
Thanks,
Siddhartha
2005 Dec 13
2
Useful addition to ipfw
Hello,
I've found myself in a situation where a simple data inspection
capability added to ipfw would be very useful.
I'm not thinking about anything especially sophisticated, but what
about adding an option to check byte values (or flags, similar to
tcpdump)?
An example rule could be: add deny udp from any to me 12345 udp[4]&234
being the rule true if byte 4 in the UDP
2004 Nov 30
1
FreeBSD bridge + filtering, BIG problem
Hi,
I'm afraid of having found a freebsd 5X security issue.
We have recently upgraded one gateway from 4.10 to 5.3... Following network
used:
[ISP]--xl1--[FW01]-----xl0--em0--[SR01]
|
|--fxp0--em0--[SR02]
On fw01, we have one jail.
So fw01 is configured as a bridge on xl1,xl0,fxp0. Services work (before
and after upgrade).
On 4.10, we used
2005 May 17
1
ipfw question
does anyone know what the ipfw equivalent line is for this
one?
rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3
port 69 udp
i use a tftpd server behind a nat and i want to
redirect all traffic coming from internet on port 69 to
the tftpd server
10x for help
2003 Mar 26
7
Multiple Firewalls with ipfilter?
We're supposed to provide redundant firewall service. I'm wondering
if anyone has ever tried to do this and if it's realistic. Basically
2 firewall machines hooked up so if one fails the other will
transparently step in. I've googled it to death without much luck.
The security issue here lies in that the 2 firewalls can't talk to
each other. So if I'm keeping state on