similar to: IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny

Hello, I noticed that after enabling firewall in my kernel (5.3-release), my dmesg now gives me this: ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging limited to 5 packets/entry by default On 5.2.1, I used to get this: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging disabled If both cases, I am

Dear list! I've tried to compile tripwire-2.3.1-2 port on my 5.2 release. Two diffe- rent tarballs have failed with message, that port was broken, all in one sentence. No any details. Well! Makefile has so- mething like: .if ${OSVERSION} >= 500000 BROKEN= "Fails to build inder 5.X" .endif One more: USE_GMAKE= yes Has someone compiled it successfully? Is it for a good

Hi, I'm trying to get IPsec running between 2 FreeBSD (VMware) boxes, using racoon2. spmd and iked start up okay, but I get an error when I try a ping across the tunnel. /var/log/messages shows: May 5 13:52:36 biosa-vm4 iked: [INTERNAL_ERR]: if_spmd.c:726: SLID failed: 550 Operation failed May 5 13:52:36 biosa-vm4 iked: [INTERNAL_ERR]: isakmp.c:647:isakmp_initiate_cont(): 0:172.20.36.55[0]

Sigh? _____ Van: Sorisio, Chris [mailto:ChrisSorisio@PeakTechnical.com] Verzonden: vrijdag 6 februari 2004 15:56 Aan: Gogh, Ruben van Onderwerp: Out of Office AutoReply: IPFIREWALL_DEFAULT_TO_ACCEPT becomes def ault to deny I will be out of the office until February 9th, 2004. Please contact Paul DeFloria at 412.825.4772 if you require an immediate response.

Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:

Hi all, I'm just setup a new freebsd to be a ftp server. ftp-ing from localhost was success, but when i was trying to ftp from other ip, got result "Connection closed by remote host." Kernel already configure with firewall (with options FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already contain "firewall_type=open". What could be the problem? I can seem to solve this

Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools

Hi, hackers : Yesterday night and this morning, I cvsup my system to latest STABLE branch source (RELENG_4). All make buildworld, buildkernel, and installkernel procedure was completed with no error. But when I boot into single user mode and try to make installworld, I always got " touch: not found " error. Does anyone encounter this situation ? I have no idea about that. :-( Here is

Hi, during some big discussions in the last monts on various lists, one of the problems was that some people would like to use freebsd-update but can't as they are using a custom kernel. With all the kernel modules we provide, the need for a custom kernel should be small, but on the other hand, we do not provide a small kernel-skeleton where you can load just the modules you need.

With FreeBSD 4.8-20030731-STABLE #0, dmesg messages indicate: module_register: module miibus/ukphy already exists! linker_file_sysinit "miibus.ko" failed to register! 17 module_register: module pccard/ed already exists! linker_file_sysinit "if_ed.ko" failed to register! 17 This doesn't look dangerous but the rl0 ethernet card just stopped recieving packets suddenly and

Dear Sirs. It seems to me a never ending story. We run a box with a TYAN Thunder 2500 Dual SMP mainboard, 2GB ECC Tyan certified memory, AMI Enterprise 1600 RAID adapter and additional Intel 1000/Pro server type (64 bit) GBit LAN NIC. With FreeBSD 4.8 this was stable, but to achive this state was really hard! It is a story similar to that what happend when we changed towards FreeBSD

Hi, Two quick questions that I can't seem to find answers for using google. 1) is is possible to listen outside an ipfw firewall - that is have ethereal record the packets before ipfw starts dropping them? If so how? 2) Is there an api to ipfw that will let me manipulate rules, query stats etc? I need something faster than running the command line binary? Thanks John

Hi, when starting samba it logs the following text to /var/log/messages, although I have added syslog only = no and syslog = 1. Samba's log file is /var/log/samba... How can I disable logging to syslog? Thanks! Nicole Jul 28 08:19:11 Domino1 smb: Starten von smbd succeeded Jul 28 08:19:11 Domino1 nmbd[6667]: [2004/07/28 08:19:11, 0] nmbd/asyncdns.c:start_async_dns(149) Jul 28 08:19:11

Hi all, Greetings ! I have shorewall 1.4.7 installed. Everything''s fine execpt irc access from local to net. in my rule file I have added a rule to allow loc net tcp 6667 6667 But i cannot connect to irc servers. The error is: Disconnected (). --- Looking up irc.freenode.net.. --- Connecting to irc.freenode.net (212.204.214.114) port 6667.. --- Connection failed. Error: Connection

Hi, I dont think you can deny all ddos against your box, you will need help from your isp. That is because if a person sends you enough packets, like 1mbit (and your line is 1mbit) full of packets, your connection is stuck, whether you filter or not. Though you can mitigate those by closing all non needed ports, log them if any attempt is being made to connect to them, and use a bogon list which

Hi all: I have strange probelm with rc.conf. I set up ipfw (compiled into kernel) on freebsd-5.4 and it doesn't seem to load ipfw rulesets (it uses default ruleset 65335 locking out everything). I have to do "sh /etc/ipfw.rules" in order to load the rulesets, once I did that, I can access the box from remote locations here is my rc.conf: host# more /etc/rc.conf

root@vigilante /root cuaa1# man init |tail -n 130 |head -n 5 3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted. root@vigilante /root cuaa1# sysctl -a |grep secure kern.securelevel: 3 root@vigilante /root cuaa1# ipfw show 00100 0 0 allow

I'm still kind of hung up looking for some definitive answers on this issue. Perhaps you guys can help me out? Frank Date: Mon, 29 Sep 2003 17:55:33 -0500 (CDT) From: "F. Even" <freebsdlists@elitists.org> Subject: re: upgrading 4.0 to stable To: freebsd-questions@freebsd.org Message-ID: <20030929225533.81D352FE@elitists.org> Content-Type: text/plain; charset=iso-8859-1

After updating my kernel from a 4.7-stable to 4.8-stable update, my SB PCI128 is no longer recognized by the pcm driver. Here is my dmesg: FreeBSD 4.8-STABLE #0: Thu Jul 17 14:13:52 CDT 2003 root@hautlos.stout.osu-res.okstate.edu:/usr/obj/usr/src/sys/GENERIC Timecounter "i8254" frequency 1193182 Hz CPU: AMD Athlon(tm) Processor (800.03-MHz 686-class CPU) Origin =

Hi, I am using IPFW on FreeBSD 4.11 I am facing two problems: - SSH sessions timeout after a while - When I run "/sbin/ipfw -q -f flush" in the rules script all connection get reset (and I am thrown out of the box). Is this standard functioning of ipfw or do I need to change any configuration? Thanks, Siddhartha