Displaying 20 results from an estimated 1000 matches similar to: "improve ipfw rules"
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there,
Is there some way to configure ipfw to do traffic
normalizing ("scrubbing", as in ipf for OpenBSD)? Is
there any tool to do it for FreeBSD firewalling?
I've heard that ipf was ported on current, anything
else?
TIA,
/Dorin.
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know how IP packets flow through all of these components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2006 Jun 06
2
Need help on ipfw IDS support.
Hi,
Is it possible to integrate SNORT with IPFW? I have an entire network behind
an IPFW BRIDGE. Just need IDS capability enabled for the network. Just a
hint is enough. Any other way I can achieve this in IPFW.
-Sunil Sunder Raj
2003 Nov 21
1
how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
-- On Friday, November 21, 2003 12:48 PM -0800 "David Wolfskill - david@catwhisker.org"
<+freebsd-security+openmacnews+0459602105.david#catwhisker.org@spamgourmet.com> wrote:
David,
thanks for your reply!
>> i've been struggling with setting appropriate rules for an SMTP-server
>> behind by NAT'd firewall.
>
> OK....
<snip>
>
>>
2004 Feb 14
2
Localhost traffic and ipfw rules
I seem to be stumped on this one. I have TCP packets destined to my external interface from 127.0.0.1 (Ack+Reset zero data) with source MAC of my default gateway and I can't seem to block this traffic.
Snort picked up the traffic and I have confirmed with tcpdump. So I decided I needed to examine my anti-spoof rules. I already had this one
deny ip from any to 127.0.0.0/8 in recv
2005 Dec 12
1
SNORT with flexresp
Dear Friends,
I need to know, if RPM SNORT on repository DAG include option flexresp.
Thanks
Adriano
2008 May 27
4
freebsd and snort
Hello all:
I tried to install snort under /usr/ports/security and have some problems. With "make all", I checked every item on the menu but I got error messages:
//////////////////////////////
laptop# make all
===> snort-2.8.1_1 is marked as broken: FLEXRESP2 patch file does not incorporate cleanly.
*** Error code 1
Stop in /usr/ports/security/snort.
2006 Nov 16
4
open source security daemon or script
Can someone please tell me what the name and or website of the open source
realtime daemon or script is that automatically puts ip addresses in the
hosts.deny file when servers are repeatedly probed for login/password pairs
on ftp ports etc please?
It was mentioned in the last year on this list if I remember right.
I had bookmarked at one time and I can't seem to web search or find it
otherwise.
2003 Jun 11
7
IPFW: combining "divert natd" with "keep-state"
I've been using ipfw for a while to create a router with NAT
and packet filtering, but have never combined it with
stateful filtering, instead using things like "established" to
accept incoming TCP packets which are part of a conversation
initiated from the "inside".
I'd like to move to using keep-state/check-state to get tighter
filtering and also to allow outgoing
2004 Jan 10
2
Need some help on security
Hello all. I am new to the list and relatively new to FreeBSD. I currently
have a server running 4.8 as a dedicated server with cPanel added as a way
to speed up the creation of sites and such on the server. I host only a
couple of site because I do this in my spare time and don't know enough to
be a paid participant in the hosting community.
Anyway, on to the question, last night, the server
2003 Oct 20
1
Equal bandwidth configuration among host with dummynet
Hi all,
First of all, I have spent a lot of time reading up on
it.
Anyway, I live in a shared accommodation with 2
roommates and a landlord and we share a cable internet
connection. It is 2Mbit/400Kbit connection. Sometimes
when one of us is downloading a song through Kazaa or
a new Linux or FreeBSD iso, the bandwidth gets hogged
and other users can't get through.
I was trying to configure
2003 Nov 05
4
FBSD All-in-one security box?
Hey *, as I sweat through another day of crap dealing with an
all-in-one box (firewall, IDS, AVS, report generating, soon to
be a VPN server) I'm wondering if someone has started a project
to put some freeware together in some semblance of sanity on a
FBSD box. There's basically nothing that this box does that a
combo of IPFW (or another bsd filter), snort, ntop, and some
other freeware
2005 Jan 13
1
Listening outside ipfw / program interface to ipfw
Hi,
Two quick questions that I can't seem to find answers for using google.
1) is it possible to listen outside an ipfw firewall - that is have
ethereal record the packets before ipfw starts dropping them? If so how?
2) Is there an api to ipfw that will let me manipulate rules, query
stats etc? I need something faster than running the command line binary?
Thanks
John
2013 Nov 19
3
ipfw table add problem
Hi,
I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
I am trying to add port number to ipfw tables. But there is something
strange :
Problem is easily repeatable.
#ipfw table 1 flush
#ipfw table 1 add 4899
#ipfw table 1 list
::/0 0
#ipfw table 1 flush
#ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
prefix )
#ipfw table 1 list
::/0 0
#ipfw table 1 delete ::/0
2003 Mar 25
29
Intelligent P2P detection
Probably, I'm not the first one who needs solve problem with p2p.
Because, large part of my traffic is eaten by p2p software like KazAA,
e-mule, Direct Connect etc, I'm looking for the way of detection of such
traffic and marking it. However simple way with for instance 1214 port
for KazAA doesn't work because this software uses floating port
technology. This traffic can
2004 Feb 06
1
ipfw question
Dear All.
I want to use 'not' for 2 addresses (for both) in ipfw2 rule.
The only way that looks like what I need is
# ipfw add count from IP1 to not IP2,IP3
But does this rule indeed make what I want? Does it count all
packets destined to addresses other than IP2 AND IP3?!
No other syntax works.
For example more logically correct
not IP2 AND not IP3
or even
not { IP2 or IP3 }
are
2006 Apr 17
3
IPFW Problems?
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
ipfw add 00499 deny log
2009 Mar 17
1
ipfw and carp
Hi all:
Did anyone use ipfw with CARP before? Is there anything specific about ipfw configurations working with CARP? I have two servers and they configured with CARP. They are working fine except I can't turn on ipfw.
I have the exact same configuration except ip addresses; those same rule sets of ipfw work on one server but not on another.
Thanks all
2006 Jan 26
7
strange problem with ipfw and rc.conf
Hi all:
I have strange problem with rc.conf. I set up ipfw
(compiled into kernel) on freebsd-5.4 and it doesn't
seem to load ipfw rulesets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations
here is my rc.conf:
host# more /etc/rc.conf
2003 May 07
4
IPFW Bandwidth throttling?
I am trying to limit outgoing SMTP traffic to about 14 Mbps and these are
the IPFW rules I am using.
${fwcmd} add pipe 1 tcp from 192.168.0.0/24 to any 25 out via dc0
${fwcmd} pipe 1 config bw 14Mbit/s
I've tried multiple tweaks to the pipe rule and I seem to be missing
something. I only get about half the bandwidth I specify. Is this normal
behavior? Is there something wrong