On Monday 17 December 2007 19:06:29 Gore Jarold wrote:
> My main goal is to lock down my ipfw rules so that
> when I run nmap, all I see is:
>
> Interesting ports on 192.168.0.10:
> Not shown: 1677 closed ports
> PORT   STATE SERVICE
> 22/tcp open ssh
> MAC Address: 00:12:D8:A2:23:C2
>
> Nmap fi
Jack Barnett wrote:
[EMAIL PROTECTED] wrote:
So basically the ruleset should be simple:
ipfw -f flush
# allow lo0 stuff
# block some spoofs/attacks
# if you are hosting gameservers from 192.168.17.3 or whatever,
# you should (manually) open server ports, in other words, add
# routes to 192.168.
[EMAIL PROTECTED] wrote:
So basically the ruleset should be simple:
ipfw -f flush
# allow lo0 stuff
# block some spoofs/attacks
# if you are hosting gameservers from 192.168.17.3 or whatever,
# you should (manually) open server ports, in other words, add
# routes to 192.168.17.3 to specific serv
On Fri, Nov 02, 2007 at 10:59:04PM +0100, [EMAIL PROTECTED] wrote:
> >onet=`ifconfig xl0 | grep "inet " | awk '{print $6}'`
> I'm not sure about this. Isn't the sixth word the broadcast address
> (ending with .255)?
It's correct. I've been using this in my firewall file since FBSD
4.somet
Hi, Jack, let's see.
Jack Barnett wrote:
>
> Lots of people play games here and basically a pain to keep trying to
> get these stupid things to work with individual rules for each.
>
> I'm running FreeBSD 6.x with IPFW/natd
>
> I get a dynamic IP from my ISP and the internal nic is 192.168.17.1
>
Jack Barnett wrote:
Jack Barnett wrote:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've tr
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
> I added this for a temporary fix:
>${fwcmd} add pass all from any to any
>
> I don't think that is the right answer; That allows too much in?
Yes.
> I've tried these per the docs:
>
>${fwcmd} add allow all from any to any o
RW wrote:
On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett <[EMAIL PROTECTED]> wrote:
Lots of people play games here and basically a pain to keep trying to
get these stupid things to work with individual rules for each.
I'm running FreeBSD 6.x with IPFW/natd
I get a dynamic IP from my I
On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett <[EMAIL PROTECTED]> wrote:
>
> Lots of people play games here and basically a pain to keep trying to
> get these stupid things to work with individual rules for each.
>
> I'm running FreeBSD 6.x with IPFW/natd
>
> I get a dynamic IP from my ISP a
Jack Barnett wrote:
Jack Barnett wrote:
Jack Barnett wrote:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Jack Barnett wrote:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've tried these per the docs:
Bob Hall wrote:
On Fri, Nov 02, 2007 at 04:59:27AM -0500, Jack Barnett wrote:
I added this for a temporary fix:
${fwcmd} add pass all from any to any
I don't think that is the right answer; That allows too much in?
Yes.
I've tried these per the docs:
${fwcmd} add allow a
Ok, i changed my original rules. I'm going to use both the ruleset you
recommended
and these ones (not at the same time though :). And see which one gives me the
least trouble.
greetings,
jurjen.
#!/bin/sh
ipfw -q flush
cmd="ipfw -q add"
ks="keep-state"
oif="ath0"
#sort in en out packets
Cool! thanks for the reply + suggestions!
I haven't had any trouble with my firewall blocking too much yet
(also didn't connect to the internet much yet :), but i'll think
about just allowing all out... on the other hand i like the idea
of just letting through out that i need (which isn't very muc
On 2006-12-16 18:01, Jurjen Middendorp <[EMAIL PROTECTED]> wrote:
> I posted this to the freebsd-security list, but i believe that is not
> the right list to this question (sorry! this is my first message to
> the freebsd mailing-lists). I hope this is the right list! :) anyway:
>
> I tried making
RYAN vAN GINNEKEN wrote:
I know this has probably been posted 1000's of times but i would like to
set up a ipfw firewall i run many services on this machine. It acts as a
gateway for my network
APACHE web server
IMAP mail server
SMTP mail server
BIND name server
FTP server
also i would like to b
On Thursday 04 March 2004 01:42, RYAN vAN GINNEKEN wrote:
> I know this has probably been posted 1000's of times but i would like to
> set up a ipfw firewall i run many services on this machine. It acts as a
> gateway for my network
> APACHE web server
80/TCP and perhaps 443/TCP
> IMAP mail server
Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/
On Tue, Feb 17, 2004 at 08:46:09PM -0800, Saint Aardvark the Carpeted wrote:
> Peter Rosa disturbed my sleep to write:
> > please what's the difference between this ipfw rules:
> >
> > ${fwcmd} add 6300
Peter Rosa disturbed my sleep to write:
> please what's the difference between this ipfw rules:
>
> ${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}
This denies broadcasts coming in to your machine through the outside
interface. The rule number is specified here, and it's
Marwan Sultan wrote:
a) lets say I want to deny everything except a range of IPs
starting from 192.168.1.1 to 192.168.1.50.
what rule set should be? how to set range of IPs? to pass
and deny rest of the C class. FreeBSD Doc's does not cover this?
or I did not see.!
I would set
Marwan Sultan disturbed my sleep to write:
> I compiled ipfw to accept by default.
> This is my ipfw list:
>
> 00050 divert 8668 ip from any to any via rl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow
On Sunday 18 January 2004 05:53 pm, Daan Vreeken [PA4DAN] wrote:
>
> You forgot the packets in the other direction... This should do the trick :
>
> ${fwcmd} add 00300 allow tcp from any to me 22
> ${fwcmd} add 00301 allow tcp from me 22 to any
>
> grtz,
> Daan
It worked.
Thanks,
Andrew Gould
Andrew L. Gould wrote:
Does portmap have to be enabled to connect to sshd?
No
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Does portmap have to be enabled to connect to sshd?
Thanks,
Andrew Gould
On Sunday 18 January 2004 05:53 pm, Daan Vreeken [PA4DAN] wrote:
> On Monday 19 January 2004 00:47, Andrew L. Gould wrote:
> > I can't seem to get the ipfw rules right for letting ssh clients access a
> > ssh server. I can use ssh on the server to connect to the client; but if
> > I try to connect
On Monday 19 January 2004 00:47, Andrew L. Gould wrote:
> I can't seem to get the ipfw rules right for letting ssh clients access a
> ssh server. I can use ssh on the server to connect to the client; but if I
> try to connect from the client to the server, the operation times out.
>
> I have my ru
houghts? Don't think I'm not appreciating your patient efforts to
assist me.
Cheers!
Stacey
On Sun, 2002-10-27 at 17:56, D. Penev wrote:
> On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote:
> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
>
On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote:
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts <[EMAIL PROTECTED]>
To: "D. Penev" <[EMAIL PROTECTED]>
Cc: FreeBSD Questions <[EMAIL PROTECTED]>
Date: 27
n2K box.
Hope this helps.
Stacey
On Sun, 2002-10-27 at 07:15, D. Penev wrote:
> On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >From: Stacey Roberts <[EMAIL PROTECTED]>
> &
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts <[EMAIL PROTECTED]>
To: "D. Penev" <[EMAIL PROTECTED]>
Cc: FreeBSD Questions <[EMAIL PROTECTED]>
Date: 26
Hi,
Thanks for the reply. I should mention that I've made some progress
with my efforts to set up a samba PDC for my Win2K clients.
First of all I am now able to successfully complete all tests in the
recommended "DIAGNOSTICS.TXT" at
http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
test 8:
On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
From: Stacey Roberts <[EMAIL PROTECTED]>
To: Andrew Boothman <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED],
FreeBSD Questions <[EMAIL PROTECTED]>
Date: 21 Oct 2002 19
- Original Message -
From: "Grant Cooper" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, October 11, 2002 5:10 PM
Subject: Re: ipfw rules
> I am having the same problem. I now just allow ftp from certain IP
> addr
> I am able to use cvsup with our firewall. The problem is when actually trying
> to install the software using the make command since the make command tries to
> fetch the source tarball from a remote server using ftp.
If you have a proxy server running, try putting FETCH_ENV variable into
/et
CTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, October 10, 2002 9:18 PM
To: [EMAIL PROTECTED]
Subject: re: ipfw rules
On Thursday, October 10, 2002, at 03:06 PM, Jack L. Stone wrote:
At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote:
Could anyone please tell me what ipfw rules need to be set
On Thursday, October 10, 2002, at 03:06 PM, Jack L. Stone wrote:
At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote:
Could anyone please tell me what ipfw rules need to be set in order to allow
software installation through the ports collection? I tried adding a rule to
allow ftp outbound an
At 05:52 PM 10.10.2002 -0400, [EMAIL PROTECTED] wrote:
>Could anyone please tell me what ipfw rules need to be set in order to allow
>software installation through the ports collection? I tried adding a rule to
>allow ftp outbound and although I can ftp out, I still cannot fetch the
source
>tarba
37 matches