Re: Is this a hole in my firewall?

From: Jonathon McKitrick (jcm_at_FreeBSD-uk.eu.org)
Date: 11/28/04

  • Next message: Rem Roberti: "Custom Kernel"
    Date: Sun, 28 Nov 2004 04:48:47 +0000
    To: Giorgos Keramidas <keramida@ceid.upatras.gr>
    
    

    On Sun, Nov 28, 2004 at 03:31:35AM +0200, Giorgos Keramidas wrote:
    : AFAIK, rule 00300 will never be hit by packets going out tun0 as long as
    : you also have rule 00200 in there.

    Hmmm.... here's a run after having the laptop running for a bit. I don't
    see why 200 doesn't cover the case either.

    root@neptune:~# ipfw show
    00100 0 0 check-state
    00200 6709 1277079 allow ip from me to any keep-state out xmit tun0
    00300 2093 645797 allow ip from any to any keep-state out xmit tun0
    00400 91 7308 deny tcp from any to any in recv tun0 established
    00500 43 6869 allow ip from any to any via vr0
    00600 52 3080 allow ip from any to any via lo0
    00700 0 0 deny ip from any to 127.0.0.0/8
    00800 0 0 deny ip from 127.0.0.0/8 to any
    00900 0 0 allow tcp from any to me 22 keep-state in recv vr0 setup
    01000 0 0 allow icmp from any to any via tun0 icmptype 0,3,8,11,12
    01100 11 1371 deny log logamount 100 ip from any to any
    65535 0 0 deny ip from any to any
    root@neptune:~#

    jm

    --
    My other computer is your Windows box.
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
    

  • Next message: Rem Roberti: "Custom Kernel"