On 02/01/11 00:40, Kevin Wilcox wrote:
On Mon, Jan 31, 2011 at 05:58, Da Rock
wrote:
Yes. Me unfortunately, but I did manage to pick it up quite quickly though.
I had a little thief attack one of my ports and attempt login on the
firewall. I had to change it to 'block in $log on $ext_if a
On Mon, Jan 31, 2011 at 05:58, Da Rock
wrote:
> Yes. Me unfortunately, but I did manage to pick it up quite quickly though.
> I had a little thief attack one of my ports and attempt login on the
> firewall. I had to change it to 'block in $log on $ext_if all
> block out $log on $ext_if all' to ac
On 01/31/11 20:30, Patrick Lamaiziere wrote:
Le Sat, 29 Jan 2011 12:39:18 +1000,
Da Rock a écrit :
I spent some time playing with pf and pf.conf, and followed the
directions in the handbook. It redirected me to the openbsd site for
pf.conf, and recommended it as the most comprehensive docu
Le Sat, 29 Jan 2011 12:39:18 +1000,
Da Rock a écrit :
> I spent some time playing with pf and pf.conf, and followed the
> directions in the handbook. It redirected me to the openbsd site for
> pf.conf, and recommended it as the most comprehensive documentation
> for pf.
>
> Firstly, I didn't f
On 01/29/11 23:50, Iñigo Ortiz de Urbina wrote:
I think that kind of user should never be in charge of anything security related
Reading my own post I realise I forgot my question due to kiddie issues
that were occuring in my vicinity. That is, how would one go about this?
As for user suit
I spent some time playing with pf and pf.conf, and followed the
directions in the handbook. It redirected me to the openbsd site for
pf.conf, and recommended it as the most comprehensive documentation for pf.
Firstly, I didn't find that. I had to translate the instructions into
the current ver
On Wed, 26 Nov 2008 23:25:21 -0600
"Andrew Gould" <[EMAIL PROTECTED]> wrote:
> The Limewire website says it has versions for Windows, Mac OS X, Linux and
> others, including OS/2 and Solaris.
furthermore, you can just download the source and make it run from within
Eclipse (with some tweaks rega
On Thu, 27 Nov 2008 12:07:50 +0100 (CET)
Wojciech Puchar <[EMAIL PROTECTED]> wrote:
> > Yeah. Limewire is written in Java (iirc), which makes it extremely
> > easy to port it to any system that can run java.
>
> for P2P sharing rtorrent (/usr/ports/net-p2p/rtorrent) works excellent
if you only
Yeah. Limewire is written in Java (iirc), which makes it extremely
easy to port it to any system that can run java.
for P2P sharing rtorrent (/usr/ports/net-p2p/rtorrent) works excellent
___
freebsd-questions@freebsd.org mailing list
http://lists.freeb
because historically ISPs used those ports for throttling.
+1 . skype does the same thing. and it's "p2p" too , although a lot less so
than limewire.
well ther are excellent method to block skype when using HTTP proxy not
NAT ;) (skype can do through proxy)
On Thu, Nov 27, 2008 at 12:25 AM, Andrew Gould
<[EMAIL PROTECTED]> wrote:
> On Wed, Nov 26, 2008 at 6:40 PM, Fbsd1 <[EMAIL PROTECTED]> wrote:
>
>> dick hoogendijk wrote:
>>
>>
> My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and L
On Wed, Nov 26, 2008 at 6:40 PM, Fbsd1 <[EMAIL PROTECTED]> wrote:
> dick hoogendijk wrote:
>
>
My unofficial take on it is that limewire is a peer-to-peer sharing
>>> application used by Windows, Mac OS X and Linux users to share files,
>>> usually music, often copyrighted, over the internet
On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 <[EMAIL PROTECTED]> wrote:
> I have inclusive firewall rule set which means only packets matching
> the rules are passed through. The inbound hight port numbers are
> blocked by design.
>
> How do other firewall users code rules to allow limewire to work?
Fbsd1 wrote:
[snip]
>
> Limewire is a windows only application.
> So how can you say it runs on solaris which is a flavor Unix?
>
Limewire is a Java program. It will run on any platform which has a
working Java run time environment installed. It is definitely not
"Windows only".
-Jason
_
On Wed, 26 Nov 2008 18:52:16 +
RW <[EMAIL PROTECTED]> wrote:
[..]
>
> > It is one of the
> > fastest, most effective ways to spread viruses, trojans, spyware, etc.
> >
> > The program does not use fixed ports, so the services are hard to
> > block. In essence, the program gets the user to by
On Wed, 26 Nov 2008 09:28:49 -0600
"Andrew Gould" <[EMAIL PROTECTED]> wrote:
> When the last culprit get's his computer back, he
> will find it running an operating system that is not supported by Limewire.
DOS 6.0 ? :P it's java...
> The next time, he'll get it back without a network card.
ou
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one of the
fastest, most effective ways to spread viruses, trojans, spywa
When people ask my advice about computers, I always include: "Never use
Limewire, or anything like it."
just downloading/sharing files allows you to download viruses, but it's
up to you to run them.
well unless P2P program is really broken, or you are sharing executables.
for sharing movies
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one of the
fastest, most effective ways to spread viruses, trojans, spyware, etc.
that's my cli
dick hoogendijk wrote:
I know, I'm cynical here, but limewire is not all bad!
...and, BTW, Limewire port is readily available for FreeBSD:
http://cvsweb.freebsd.org/ports/net-p2p/limewire
"LimeWire is a fast, easy-to-use file sharing program that contains no
spyware, adware or other bund
On Wed, 26 Nov 2008 10:54:43 -0600
"Andrew Gould" <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar <
> [EMAIL PROTECTED]> wrote:
>
> > sorry for asking but what are this "limewire" programs are?
> >
> >
> My unofficial take on it is that limewire is a peer-to-peer sh
On Wed, 26 Nov 2008 10:54:43 -0600
"Andrew Gould" <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar <
> [EMAIL PROTECTED]> wrote:
>
> > sorry for asking but what are this "limewire" programs are?
> >
> >
> My unofficial take on it is that limewire is a peer-to-peer sh
[EMAIL PROTECTED] writes:
> Andrew Gould <[EMAIL PROTECTED]> escribió:
>
>> On Wed, Nov 26, 2008 at 8:13 AM, <[EMAIL PROTECTED]> wrote:
>>
>>>
>>> Hmmm. Isn't life interesting. I would like to know how to block them and
>>> others without causing strange secondary problems.
>>>
>>> Actually a de
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar <
[EMAIL PROTECTED]> wrote:
> sorry for asking but what are this "limewire" programs are?
>
>
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, o
sorry for asking but what are this "limewire" programs are?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Andrew Gould <[EMAIL PROTECTED]> escribió:
On Wed, Nov 26, 2008 at 8:13 AM, <[EMAIL PROTECTED]> wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration will let them pass unless I
On Wed, Nov 26, 2008 at 8:13 AM, <[EMAIL PROTECTED]> wrote:
>
> Hmmm. Isn't life interesting. I would like to know how to block them and
> others without causing strange secondary problems.
>
> Actually a default pf configuration will let them pass unless I'm
> forgetting something important.
>
On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 <[EMAIL PROTECTED]> wrote:
> I have inclusive firewall rule set which means only packets matching
> the rules are passed through. The inbound hight port numbers are
> blocked by design.
>
> How do other firewall users code rules to allow limewire to work?
Fbsd1 <[EMAIL PROTECTED]> escribió:
These applications have predefined ports they use to start up the
bi-directional packet conversation. But them unsolicited packeted
come in from other pc nodes to share data using a wide range of high
port numbers. IPFW, IPF, and PF don't seem to have a r
These applications have predefined ports they use to start up the
bi-directional packet conversation. But them unsolicited packeted come
in from other pc nodes to share data using a wide range of high port
numbers. IPFW, IPF, and PF don't seem to have a rule option to allow
packs in/out based o
> > I've made a "/etc/rc.firewall.local" I may rename it in the future
> > to stand out more, but we'll see how it goes for now.
>
> Neat. Have fun with the new firewall ruleset then.
>
Thanks. I wish it wasn't necessary, but the server runs MySQL
and if I turn TCPwrappers on, someon
On 2007-08-02 14:49, "Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]> wrote:
>Giorgos Keramidas wrote:
>>On 2007-08-02 12:36, "Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]> wrote:
>>> Hi,
>>> I'm developing firewall rules for a machine, and I&#
>
> On 2007-08-02 12:36, "Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]> wrote:
> > Hi,
> > I'm developing firewall rules for a machine, and I'm wondering what
> > the standard is for putting my version of an ipfw "firewall_script"?
>
On 2007-08-02 12:36, "Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]> wrote:
> Hi,
> I'm developing firewall rules for a machine, and I'm wondering what
> the standard is for putting my version of an ipfw "firewall_script"?
I usually save my rules in '
On Thu, 2 Aug 2007 12:36:51 -0400 (EDT)
"Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm developing firewall rules for a machine, and I'm wondering
> what the standard is for putting my version of an ipfw
> "firewall_script"?
Hi,
I'm developing firewall rules for a machine, and I'm wondering
what the standard is for putting my version of an ipfw "firewall_script"?
I'd normally drop it onto /usr/local/etc somewhere, but my /u/l/e
is an NFS filesystem, and according to rcorder
Noah wrote:
Erik Norgaard wrote:
Noah wrote:
the servers and clients are not on the same LAN segment. capturing
MAC has nothing to do with this scenario.
You haven't exactly told a lot about the network you want to setup.
The logic thing is to authenticate against the firewall connected to
Erik Norgaard wrote:
Noah wrote:
the servers and clients are not on the same LAN segment. capturing
MAC has nothing to do with this scenario.
You haven't exactly told a lot about the network you want to setup.
The logic thing is to authenticate against the firewall connected to
the same
On Sun, Feb 04, 2007 at 10:51:58PM +0100, Erik Norgaard wrote:
> Noah wrote:
>
> >the servers and clients are not on the same LAN segment. capturing MAC
> >has nothing to do with this scenario.
>
> You haven't exactly told a lot about the network you want to setup. The
> logic thing is to authenti
Noah wrote:
the servers and clients are not on the same LAN segment. capturing MAC
has nothing to do with this scenario.
You haven't exactly told a lot about the network you want to setup. The
logic thing is to authenticate against the firewall connected to the
same subnet - and that will k
On 2/4/07, Noah <[EMAIL PROTECTED]> wrote:
Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their IP
address is cached, and the cached IP address is added temporarily to the
firewall ruleset to be allowed.
Hav
Erik Norgaard wrote:
Noah wrote:
Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their
IP address is cached, and the cached IP address is added temporarily
to the firewall ruleset to be allowed.
I am not
Noah wrote:
Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their IP
address is cached, and the cached IP address is added temporarily to the
firewall ruleset to be allowed.
I am not aware of anything that w
Hi,
Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their IP
address is cached, and the cached IP address is added temporarily to the
firewall ruleset to be allowed.
cheers,
Noah
Hi,
Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their IP
address is cached, and the cached IP address is added temporarily to the
firewall ruleset to be allowed.
cheers,
Noah
_
On Wednesday 29 November 2006 13:38, Dan Mahoney, System Admin wrote:
> Hey all, I'm experimenting with ipfw as means of controlling some
> interesting anomalies like with portsenty or some ssh anti-brute-force
> scripts (i.e. adding bad hosts to tables, adding deny rules
> for certain hosts, etc),
Hey all, I'm experimenting with ipfw as means of controlling some
interesting anomalies like with portsenty or some ssh anti-brute-force
scripts (i.e. adding bad hosts to tables, adding deny rules
for certain hosts, etc), and I was wondering if there was (either in the
form of a script, or a bu
Chris Knipe wrote:
sh /etc/rc.firewall
thanks whats the fer?
Cheers,
Noah
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
sh /etc/rc.firewall
Regards,
Chris.
- Original Message -
From: "Noah" <[EMAIL PROTECTED]>
To:
Sent: Monday, August 21, 2006 1:24 AM
Subject: new firewall rules
Hi there,
I want to activate the new rules I added to rc.firewall . Is there anyway
to easily
Hi there,
I want to activate the new rules I added to rc.firewall . Is there
anyway to easily do this without rebooting?
Cheers,
Noah
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To uns
On 2005-10-31 16:45, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
>On 2005-10-30 18:23, Eric F Crist <[EMAIL PROTECTED]> wrote:
>>On Oct 30, 2005, at 4:41 PM, [EMAIL PROTECTED] wrote:
>>> Does anyone have a good example of a firewall ruleset for a
>>> wireless interface in a laptop, or a pointer to
On 2005-10-30 18:23, Eric F Crist <[EMAIL PROTECTED]> wrote:
>On Oct 30, 2005, at 4:41 PM, [EMAIL PROTECTED] wrote:
>> Does anyone have a good example of a firewall ruleset for a
>> wireless interface in a laptop, or a pointer to documentation?
>> I want to use IPFilter on 6.0 rc1. I want to let a
o have all the features IP Filter has and it's also better
maintained, AFAIK.
> I want to let all connections out and keep state, but block all
> incoming from the outside.
Good idea. I'm using a fairly restrictive set of firewall
rules, even in networks where my laptop has to use DHC
On Oct 30, 2005, at 6:23 PM, Eric F Crist wrote:
On Oct 30, 2005, at 4:41 PM, [EMAIL PROTECTED] wrote:
Does anyone have a good example of a firewall ruleset for a wireless
interface in a laptop, or a pointer to documentation? I want to use
IPFilter on 6.0 rc1. I want to let all connections
in message <[EMAIL PROTECTED]>,
wrote Vitaly Cherny thusly...
>
> On 10/31/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Does anyone have a good example of a firewall ruleset for a wireless
> > interface in a laptop, or a pointer to documentation? I want to use
> > IPFilter on 6.0 rc1. I w
On 10/31/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Does anyone have a good example of a firewall ruleset for a wireless
> interface in a laptop, or a pointer to documentation? I want to use
> IPFilter on 6.0 rc1. I want to let all connections out and keep state,
> but block all incoming
On Oct 30, 2005, at 4:41 PM, [EMAIL PROTECTED] wrote:
Does anyone have a good example of a firewall ruleset for a wireless
interface in a laptop, or a pointer to documentation? I want to use
IPFilter on 6.0 rc1. I want to let all connections out and keep
state,
but block all incoming from t
Does anyone have a good example of a firewall ruleset for a wireless
interface in a laptop, or a pointer to documentation? I want to use
IPFilter on 6.0 rc1. I want to let all connections out and keep state,
but block all incoming from the outside.
TIA
___
. Or have friend using limewire try to access your shared files
on one of your lan pc's.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of dick
hoogendijk
Sent: Saturday, April 09, 2005 4:46 PM
To: freebsd-questions@freebsd.org
Subject: Re: IPF Firewall
On Sat, 9 Apr 2005 11:43:23 -0400
[EMAIL PROTECTED] wrote:
> Dick
> Since you say you have limewire working on your LAN behind firewall
> why don't you post your rules so we can see how you did it.
# Limewire
pass out quick on rl0 proto tcp from any to any port = 6346 flags S keep
state
pass out
tions
Subject: Re: IPF Firewall Rules... help!
On 08 Apr [EMAIL PROTECTED] wrote:
> If you read the limewire website carefully you will see that no
where
> does it say it will work on PC on a local area network (LAN).
This is
> one of those products that buries the sending IP address in th
On 08 Apr [EMAIL PROTECTED] wrote:
> If you read the limewire website carefully you will see that no where
> does it say it will work on PC on a local area network (LAN). This is
> one of those products that buries the sending IP address in the
> packets. A PC on the LAN uses an NATed ip address a
email
post.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gareth
Bailey
Sent: Friday, April 08, 2005 9:26 AM
To: freebsd-questions
Subject: Fwd: IPF Firewall Rules... help!
Hi Bob,
Thanks, I have read the handbook and a couple of other articles. I
have attached my ipf
, April 08, 2005 8:16 AM
> To: freebsd-questions
> Subject: IPF Firewall Rules... help!
>
> We have a freebsd gateway server for windows clients. We use IPF
> with nat.
>
> What ipf rules and ipnat rules are required on the gateway for
> Limewire peer-to-peer to connect on the
We have a freebsd gateway server for windows clients. We use IPF with nat.
What ipf rules and ipnat rules are required on the gateway for
Limewire peer-to-peer to connect on the clients.
If you can help, please do... i'm doing something wrong!
Thanks
Gareth
__
/etc/rc.d/pf
% /etc/rc.d/securelevel
% gothmog:/root#
How are you setting the system securelevel and how do firewall rules
fail to load?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Hello,
I was wondering is it possible to load ipf or pf via rc.conf with a
system in a securelevel of 1 or greater? Trying this thus far has been
unsuccessful, reading the man page suggests this is not possible but if
anyone has a workaround i'd appreciate it.
Thanks.
Dave.
__
PROTECTED]
Subject: Firewall rules for local lan
Hello,
I have a quick question for you:
I am in the process of setting up ipfw for my server and a small LAN
of two pcs.
The FreeBSD server is used as an internet gateway with a dial up
connection (ppp -auto -alias demand).
My network connection is
Gaspar Kiraly wrote:
I am in the process of setting up ipfw for my server and a small LAN of two pcs.
The FreeBSD server is used as an internet gateway with a dial up connection (ppp -auto -alias demand).
My network connection is working fine, however I am getting more and more junk mail lately.
It
Hello,
I have a quick question for you:
I am in the process of setting up ipfw for my server and a small LAN of two pcs.
The FreeBSD server is used as an internet gateway with a dial up connection (ppp -auto
-alias demand).
My network connection is working fine, however I am getting more and mor
On Wed, Jun 16, 2004 at 01:32:58AM +0100, Robert Downes wrote:
> JJB wrote:
>
> >Fundamentally his keep-state rules work and yours don't.
> >
> I have used his script exactly, modifying only for the differences in my
> ISP's addresses. Everything works as before, and still the check-state
> rule
On 2004-06-15 23:29, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
>On 2004-06-15 20:54, Robert Downes <[EMAIL PROTECTED]> wrote:
>> I'm obviously missing something...
>>
>> su-2.05b# ipfw -a list
>> 00100 16 1144 divert 8668 ip from any to any in via rl0
>> 00200 17 964 divert 8668 ip from any
JJB wrote:
Fundamentally his keep-state rules work and yours don't.
I have used his script exactly, modifying only for the differences in my
ISP's addresses. Everything works as before, and still the check-state
rule is showing zero packets and zero bytes, even though keep-state
rules have been
JJB wrote:
First indication is the hit count on the check-state rule. It's zero
which means there is never an match in the keep-state table. For all
practical purposes your firewall keep-state rules are useless.
I was suspicious of that too, but if I remove the keep-state option from
the allow
On 2004-06-15 20:54, Robert Downes <[EMAIL PROTECTED]> wrote:
> I'm obviously missing something...
>
> su-2.05b# ipfw -a list
> 00100 16 1144 divert 8668 ip from any to any in via rl0
> 00200 17 964 divert 8668 ip from any to any out via rl0
> 00300 0 0 check-state
> 00400 32 3296 allo
I'm obviously missing something...
I've read as much about IPFW and firewall packet filtering as I can, and
I"m still happy with these very simple rules:
su-2.05b# ipfw -a list
00100 16 1144 divert 8668 ip from any to any in via rl0
00200 17 964 divert 8668 ip from any to any out via rl0
003
Whatever the rules I'm using I get this message when booting and starting
ipfw :
ipfw: bad arguments, for usage summary "ipfw"
except if I use the /etc/rc.firewall file but that's another "I don't know
why?" it doesn't work with the "SIMPLE" argument in /etc/rc.conf and
modified with the right va
Hi everyone,
I'm trying to write my own rules for ipfw under 4.9 STABLE.
But everytime I try to use the file with my rules my network is totally blocked
and the "ipfw show" command returns :
65535 38 2311 deny ip from any to any
I think there's a problem in my rules file and the system r
Kevin D. Kinsey, DaleCo, S.P. ([EMAIL PROTECTED]) wrote:
>
> have something to do with it. If the machine
> is running NAT/divert whatever, it might
> well be diverting before blocking? But I'm
> wrong so often it's not very funny ... and
> I use ipfw instead of ipf.
One last thing, I forgo
Kevin D. Kinsey, DaleCo, S.P. ([EMAIL PROTECTED]) wrote:
> So, you're using ipf or ipfilter, not
> ipfw, as I take it from your syntax.
# ipfilter logging
ipmon_enable="yes"
ipmon_flags="-D /var/log/ipflog"
> I imagine the ipfilter gurus on the
> list would like to see your entire
> ruleset.
I
Mike Jackson wrote:
Hi,
I have a 5.2.1 firewall box that also has a mailserver.
Goal:
- firewall can send and receive mail <-> rest of the world
- firewall can send and receive mail <-> internal LAN machines
- firewall blocks internal LAN machines from connecting to
external SMTP servers
firewa
Hi,
I have a 5.2.1 firewall box that also has a mailserver.
Goal:
- firewall can send and receive mail <-> rest of the world
- firewall can send and receive mail <-> internal LAN machines
- firewall blocks internal LAN machines from connecting to
external SMTP servers
firewall/mail gw
---
CTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Martin
> Schweizer
> Sent: Friday, February 13, 2004 2:07 AM
> To: [EMAIL PROTECTED]
> Subject: Firewall rules for ftp
>
> Hello
>
> Until now I tested a lot regarding ftp and ipfw but with no 100%
> success.
> What are the
It would help if you posted you ipfw rules file so people can review
them to look for your problem.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin
Schweizer
Sent: Friday, February 13, 2004 2:07 AM
To: [EMAIL PROTECTED]
Subject: Firewall rules for ftp
Hello
Until now I tested a lot regarding ftp and ipfw but with no 100% success.
What are the correct ipfw rules for ftp (regarding dir and ls, passive etc.)?
System: FreeBSD 4.9, NAT, ipfw, LAN 192.168.1.0/24, WAN: dyn. WAN ip over ADSL
--
Regards
Martin Schweizer
<[EMAIL PROTECTED]>
PC-Ser
- Original Message -
From: "Alex de Kruijff" <[EMAIL PROTECTED]>
To: "Chip" <[EMAIL PROTECTED]>
Cc: "FreeBSD Questions List" <[EMAIL PROTECTED]>
Sent: Friday, November 21, 2003 1:24 PM
Subject: Re: firewall rules do not get read
> O
On Thu, Nov 20, 2003 at 04:19:09PM -0800, Chip wrote:
>
>
> Alex de Kruijff wrote:
>
> >On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
> >
> >>I noticed my firewall rules are not being read. I have rc.conf set to
> >>read the file rc.firewall. I
Alex de Kruijff wrote:
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
> I noticed my firewall rules are not being read. I have rc.conf set to
> read the file rc.firewall. In rc.firewall the first line is add divert
> natd etc etc. that is followed by pass all from any to any etc etc. Then
> nothin
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip typed:
> I noticed my firewall rules are not being read. I have rc.conf set to
> read the file rc.firewall. In rc.firewall the first line is add divert
> natd etc etc. that is followed by pass all from any to any etc etc. Then
> nothin
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
nothing after that is read, it is all ignored.
If I comment out the line pass all
l Message-
> From: Petre Bandac [mailto:[EMAIL PROTECTED]
> Sent: 23 October 2003 09:13
> To: [EMAIL PROTECTED]; Mihail; [EMAIL PROTECTED]
> Subject: Re: Firewall rules
>
>
> www.kgb.ro/Ipfw-HOWTO
>
> HTH,
>
> petre
>
> On Wednesday 22 October 2003
Do a quick google search on "building freebsd firewall". I was building
a FreeBSD firewall this week, and several of these sites were very
helpful. There are sites for both ipfilter and ipfw. So, take your
pick. I'm using ipfilter, but either firewall method will be sufficient
for most peop
questions archives for loads of info about
> configuring ipfilter. You will be glade you did.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mihail
> Sent: Wednesday, October 22, 2003 9:29 AM
> To: [EMAIL PROTECTED]
> Subject: Firewal
:[EMAIL PROTECTED] Behalf Of Mihail
Sent: Wednesday, October 22, 2003 9:29 AM
To: [EMAIL PROTECTED]
Subject: Firewall rules
Hello,
I'm trying to set up a firewall with ipfw by using the client
firewall type given in rc.firewall as an example. My problem
is that the client rules don't allo
Hello,
I'm trying to set up a firewall with ipfw by using the client
firewall type given in rc.firewall as an example. My problem
is that the client rules don't allow me to do common
web-browsing. What should I add to the script to
resolve this without seriously compromising security?
cheers,
Mih
- Original Message -
From: "Thomas Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 22, 2003 1:40 PM
Subject: NATD Firewall Rules Setup
> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
> locked down a
ED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 23, 2003 2:40 AM
Subject: NATD Firewall Rules Setup
> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
> locked down as I need it to be but am having issues getting NAT working.
> The firewall config
On Fri, Aug 22, 2003 at 11:40:50AM -0700, Thomas Smith wrote:
> I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
> locked down as I need it to be but am having issues getting NAT working.
> The firewall config file is included below.
>
> Note that if I add the "allow all"
I'm configuring a firewall (FreeBSD 4.8-RELEASE). I've got the firewall
locked down as I need it to be but am having issues getting NAT working.
The firewall config file is included below.
Note that if I add the "allow all" rule to the end of the file NAT works
fine. I'm certain its an IPFW iss
1 - 100 of 117 matches
Mail list logo
