similar to: firewalling help/audit

Displaying 20 results from an estimated 2000 matches similar to: "firewalling help/audit"

2004 Feb 19
2
traffic normalizer for ipfw?
Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin.
2006 Nov 11
5
src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
Hi security@ list, In my self written, large ipfw rule set, I had something that passed http to allow me to browse most but not all remote sites. For years I assumed the few sites I had difficulty with were cases pppoed MTU != 1500, from not having installed tcpmssd on my 4.*-RELEASE, but then running 6.1-RELEASE I realised that wasn't the problem. http://www.web.de Still failed, &
2005 Nov 22
2
ipfw check-state issue
heya i've been using freebsd's ipfw for quite a while and recently on a new server i've got this issue with ipfw that i can't understand ... something is wrong ... 01000 8042 1947866 allow ip from any to any via fxp0 01010 0 0 allow ip from any to any via lo0 01014 9886 4170269 divert 8668 ip from any to any in via vr0 01015 0 0 check-state 01130 14679 5695969 skipto 1800 ip from
2003 Jun 02
6
4.8-Stable DummyNet
Hi. We just opened a gaming center and have chosen to run a FreeBsd box for our firewall. IPFW is configured at its very basic running natd through rl0 and allowing any to any connections from the lan to the outer world. Natd controls access to the lan. We have a 6.0 mb/s ADSL net connection for all the gaming clients to use, however if a gamer starts downloading a file, that file
2004 Nov 21
1
[Fwd: Re: Importing into rc.firewal rules]
Hi, > On Sat, Nov 20, 2004 at 01:32:15PM -0500, Francisco Reyes wrote: >> I have a grown list of IPs that I am "deny ip from ###.### to any". Infected machines, hackers, etc.. >> >> Is there a way to have this list outside of rc.firewall and just read it in? > from man ipfw LOOKUP TABLES Lookup tables are useful to handle large sparse address sets, typically
2003 May 07
4
IPFW Bandwidth throttling?
I am trying to limit outgoing SMTP traffic to about 14 Mbps and these are the IPFW rules I am using. ${fwcmd} add pipe 1 tcp from 192.168.0.0/24 to any 25 out via dc0 ${fwcmd} pipe 1 config bw 14Mbit/s I've tried multiple tweaks to the pipe rule and I seem to be missing something. I only get about half the bandwidth I specify. Is this normal behavior? Is there something wrong
2003 Dec 23
2
address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????
The man page gives this example, however, when I attempt to use it, it seems to block the whole set? Could someone tell me what's going wrong here please. Thanks heaps.. This works, ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif} This blocks the whole IP block, not just the list? ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-19
2007 Feb 18
1
Secure shared web hosting using MAC Framework
Hi all, I am looking at securing a web server using the FreeBSD MAC Framework. To make things clear I will call the hosted users "web users". Those are the issues I am dealing with: ** Network Security ** - Web users shouldn't be able to connect to reserved local ports apart from 25(smtp); 80(http); 443(https) and 3306(MySQL) Solution: run the web server and web users shell in
2019 May 20
1
Second VPN network fails to start
Hello Lars, Thanks for your feedback. Unfortunately I made an error in writing the network I expected to connect to. I meant 10.3.0.0/24 The one I wrote in fact was one network of the already established VPN. I have included full details of my relevant files below. Background: I am trying to set up a second VPN between two servers: gtdb and db2. Both servers are already part of separate
2017 Aug 24
5
[Bug 1179] New: vmap and sets cause "BUG: invalid range expression type set"
https://bugzilla.netfilter.org/show_bug.cgi?id=1179 Bug ID: 1179 Summary: vmap and sets cause "BUG: invalid range expression type set" Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nft
2016 Mar 04
2
AW: issue with tinc and libvirt / Network is already in use by interface tun0
>> I have tinc up and running on a kvm/libvirt host. libvirt creates a >> bridge and assigns ip to this bridge, for instance 192.168.1.1. All >> guests have an ip within 192.168.1.0/24. I want to access the guests >> in this libvirt network with tinc from the internet via the host. >[...] >> and tinc.conf like this >[...] >> Interface = tun0 >>
2016 Mar 03
2
issue with tinc and libvirt / Network is already in use by interface tun0
2003 Jul 03
1
ipv6 dialup: "nd6_lookup: failed to lookup" problem (4.8-REL)
Hi all, I try to receive an ipv6 address for my PPP link via autoconf (against Cisco machine), but there is a problem I'm unable to solve so far. I can see cisco's Router-Advertisement containing prefix etc., but no IP address is assigned to tun0 interface. Anyone successful in IPv6 over dial-up PPP connection? When I manually assign IPv6 address, connection works. My system is
2005 Jul 08
1
gre tunnel between networks with same subnet
[ASCII network diagram: hosts A and B, each with eth0 and eth1 interfaces]
2007 Mar 15
1
Openvpn routing problem
Hi, I posted this question yesterday on the Openvpn mailing list, with no response, figured I will ask here too. I have been using openvpn for quite a while, no major problems encountered. Now I need to allow the server to access the lan of the client, and I can not figure out the routing. This is what I have after the tunnel is brought up: SERVER (A.A.A.A) Arx:~# ip addr ... 3: eth1:
2005 Feb 07
9
Zoning Out
I'm getting my zones confused. Help. I need to have a bunch of systems using OpenVPN to gain an IP in the virtual subnet 10.100.1.0/24, on interface tun0. I will then route whole subnets to those IPs, like 10.100.2.0/24 via 10.100.1.12, etc. I want to have a policy for: - all hosts behind tun0 - all hosts in 10.100.1.0/24 - individual subnets being routed through IPs in
2015 Dec 06
3
openvpn + routing
Hello, i have a little question. My system: ip route: 0.0.0.0/1 via 10.8.0.5 dev tun0 default via 192.168.2.1 dev br0 proto static metric 425 10.8.0.1 via 10.8.0.5 dev tun0 10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 88.198.140.127 via 192.168.2.1 dev br0 192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.101 metric 425 192.168.122.0/24 dev virbr0 proto kernel
2017 Dec 29
2
OpenVPN server and firewalld
On 12/29/2017 3:59 AM, Wojciech ?ysiak wrote: > firstly check which zone are your interface in : > > bash> firewall-cmd --get-active-zones > > then all you have to do is add a service to the firewall > > firewall-cmd --zone=<INSERT YOUR ZONE> --add-service=openvpn --permanent > > assuming that your Openvpn is running on standard port 1194/tcp|udp, > If not
2005 Aug 19
2
Binding to Tun0 device
Hello all, We have a few aliased Ethernet addresses on our server and if I do not use the Bind statement in the "Global" section then the NMBD seems to try to bind to all of the addresses. We are actually using OpenVPN which make the connections just fine on a 172.16.x.x subnet to "tun0" device. The problem is that Samba does not seem to find the tun0 device and reports
2015 Jan 22
1
Help linking subnets
Hi, after trying for days I ended up with a working tinc configuration of 2 subnets, now my goal is to add 2 more subnets and communicate. I might seem dumb at this point but honestly I don't work in IT or Networking stuff, and so I don't have that deep knowledge. A little explanation of my configuration is HOST A (VPN server) Public IP: 1.2.3.4 tun0 Subnet = 192.168.10.0/24 tun0 IP =