Displaying 20 results from an estimated 1000 matches similar to: "IPFILTER_DEFAULT_BLOCK & No route to host"
2004 Aug 10
2
Error With Kernel Module IPFILTER
I've found out from two different kernel configs
that after properly compling kernel with IPFILTER support
it causes the system not to boot. Its hard to say, what exactly it does, cause its not a local system.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2003 Aug 07
1
problems with ipfilter on 5.1-RELEASE
hi all
i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter
seems to be working fine. i just have a couple of issues that are
probably not very serious...
one thing is that during network startup at boot, i get the message
IPFilter: already initialized
repeated 4 times.
i think i have everything configured properly
my kernel config looks like
options IPFILTER
options
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how IP-packets flow through all of this components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2003 Apr 11
2
Ipf headers not installed per default ?
Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11
14:34:37 EDT 2003
Using the latest Makefile for squid25:
# fgrep \$FreeBSD /usr/ports/www/squid/Makefile
# $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $
Modified with:
# fgrep CONFIGURE_ARGS Makefile |fgrep -v \#
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
2004 Feb 29
5
mbuf vulnerability
In
http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
it seems RELENG_4 is vulnerable. Is there any work around to a system that
has to have ports open ?
Version: 1 2/18/2004@03:47:29 GMT
>Initial report
>
<<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650;
>ID#207650:
>FreeBSD Memory Buffer
2003 Apr 08
2
Transparent squid (ipf)
FreeBSD 4.8-STABLE #1: Sun Apr 6 09:38:34 EDT 2003
# $FreeBSD: ports/www/squid/Makefile,v 1.99 2003/03/09 10:59:07 netchild Exp
$
...
checking if IP-Filter header files are installed... no
WARNING: Cannot find necessary IP-Filter header files
Transparent Proxy support WILL NOT be enabled
...
I seem to recall that ipf doesn't install its includes per default any longer
? Perhaps
2005 Jan 19
1
ipf question
Hello.
I am a relatively new FreeBSD user. I have samba, ssh and vnc server running
on it. I am also trying to set up the IPFILTER on it. I used the handbook to
familiarize myself with the software and the sample script provided in the
chapter discussing ipf, I decided to use as a starting point. After reading
the ipf chapter I assumed that if "block in log first quick on xl0 all" is
2006 Jul 14
1
Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Hi,
[I have added freebsd-security to recipient list as I consider
this issue a security risk]
Paul Schenkeveld wrote:
> Hello,
>
> On Fri, Jul 14, 2006 at 01:26:38PM +0300, Ari Suutari wrote:
>> Hi,
>>
>> Does anyone know if there are any plans to bring
>> pf boot-time protection (ie. /etc/rc.d/pf_boot and
>> related config files) from NetBSD to FreeBSD
2003 Jun 13
1
Gigabit Ethernet Security With Ipfilter
Hello all,
I want to learn about requirements if I want to protect
gigabit network with ipfilter as transparent firewall.
Which type of hardware is required to install FreeBSD + ipf
(as transparancy ) . We use 3 gigabit ethernet to protection
which type of gigabit ethernet carts are powerfull. Also,
what about the NMBCLUSTERS , IPSTATE_SIZE and IPSTATE_MAX in
ip_state.h.
I want to collect all
2004 Nov 30
1
FreeBSD bridge + filtering, BIG problem
Hi,
I'm afraid about having find a freebsd 5X security issue.
We have recently upgraded one gateway from 4.10 to 5.3... Following network
used:
[ISP]--xl1--[FW01]-----xl0--em0--[SR01]
|
|--fxp0--em0--[SR02]
On fw01, we have one jail.
So fw01 is configured as a bridge on xl1,xl0,fxp0. Services works (before
and after upgrade).
On 4.10, we used
2003 Jun 07
1
Impossible to IPfilter this?
Hi!
I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN
router.
My problem is with firewalling the VPN part. I'm using a tunnel to a
RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my
internal net (172.17.0.0/24) to that box only:
spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique;
spdadd $REDHAT/32 172.17.0.0/24
2006 Jan 26
7
strange problem with ipfw and rc.conf
Hi all:
I have strange probelm with rc.conf. I set up ipfw
(compiled into kernel) on freebsd-5.4 and it doesn't
seem to load ipfw rulesets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations
here is my rc.conf:
host# more /etc/rc.conf
2010 Dec 19
2
httpd log weirdness
Hi All,
I setup a new Centos 5.5 bod and it will be running a site for me. Apache is running and daily I get e-mailed a log from the box.
The log today said:
--------------------- httpd Begin ------------------------
Requests with error response codes
404 Not Found
http://www.cablecarmuseum.org/Car42.jpg: 1 Time(s)
---------------------- httpd End -------------------------
But that
2003 Jun 11
7
IPFW: combining "divert natd" with "keep-state"
I've been using ipfw for a while to create a router with NAT
and packet filtering, but have never combined it with
stateful filtering, instead using things like "established" to
accept incoming TCP packets which are part of a conversation
initiated from the "inside".
I'd like to move to using keep-state/check-state to get tighter
filtering and also to allow outgoing
2004 Apr 23
2
use keep state(strict) to mitigate tcp issues?
Hi,
When deploying a BSD with IPF in at the network perimeter
and using rules like these:
pass in .. proto tcp ... keep state(strict)
it's possible to refuse tcp packets which arrive out of order.
This would increase the difficulty doing blind attack resets and blind
data injection attack, cause then you'd have to "guess" the exact expected
number. Checpoint has a similar
2003 Aug 03
1
ipfw or ipf w/stateful behavior
Hi,
first i must tell you, that my english is not the best,
i hav learned my english from manpages and documentation.
Please excuse this.
I have setted up a Box w/FreeBSD 4.7-RELEASE for connecting
to the w3 through an DSL/ATM-Connection.
Now i know the stateful handling of firewall-rules under linux
with iptables.In the second i have understand that FreeBSD comes with the
netfilter-extensions.
2005 Oct 25
6
ipf stopped working on 5.3
I've had ipf working on a few 5.3 servers for quite awhile. Not too long ago
some developers had to do some coding work and were coming from dynamic
IP's. I (reluctantly) opened up SSH to the world. Immediately I started
seeing the attacks where bots of some sort would try to break in with a
variety of different users.
So, I (thought) I closed it up again and told the developers to use a
2010 Jan 15
4
Bridging firewall with snv_125 and ipfilter
Has anyone gotten a transparent firewall working? I''m using snv_125 on an IBM x346 (snv_130
goes into endless boot loops on this hardware). I can create a working bridge with dladm, but
can''t stop packets, even with "block in quick all". That stops packets on my management
interface bge0, but not on the bridge. :(
tim at ghost:~# ifconfig -a
lo0:
2003 Jul 08
4
Hardening production servers
Greetings,
Apologies if this is not the appropriate list, but my questions are about
best practices in maintaining production servers (so I believe I can justify
a post in -stable, short of a -release list :)
I maintain a modest installation of 6 FreeBSD servers. They're CVSUP'd to
RELENG_4_8 (I make buildworld on each individually) and I portupgrade ports
as necessary. In an attempt to