Re: IPFW rules
- From: Michael Proto <mike@xxxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 13:15:05 -0400
SigmaX asdf wrote:
> I'm trying to setup IPFW to block all ports except those I specify.
> For starters I'm just opening SSH.
>
> # ipfw list
> 00050 divert 8668 ip4 from any to any via rl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00301 allow log tcp from any to any dst-port 22
> 00399 deny ip from any to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> Traffic is still blocked on port 22 -- I can't log in via SSH. What am
> I doing wrong, and what rule should I be using to allow SSH in and
> through?
You need to allow the return traffic. Either something like:
ipfw add 1 allow tcp from any to any established
or:
ipfw add 1 check-state
and change your port 22 rule to read
ipfw add allow log tcp from any to any port 22 keep-state
(check the ipfw(8) man page to be sure, I haven't touched ipfw rules in
a long time and my above syntax may be a bit buggy)
-Proto
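As an added illustration, not part of the thread or of Proto's reply, here is a small Python model of ipfw's first-match evaluation run over the SSH-relevant rules from the poster's list, once as posted and once with each of the two fixes above. The client and server addresses are constructed sample values; "established" is modelled as the TCP ACK flag being set, which is what ipfw's `established` option tests.

```python
# Added example (not from the thread): a toy first-match model of the
# SSH-relevant part of the ruleset above. "established" = TCP ACK flag set.
CLIENT, SERVER = ("192.0.2.10", 40000), ("198.51.100.5", 22)  # constructed

def rule(num, action, proto="ip", dport=None, established=False, keep_state=False):
    return dict(num=num, action=action, proto=proto, dport=dport,
                established=established, keep_state=keep_state)

def flow_key(pkt):
    # Direction-independent key so the reply packet finds the same entry.
    return (pkt["proto"], frozenset([pkt["src"], pkt["dst"]]))

def matches(r, pkt):
    return ((r["proto"] == "ip" or r["proto"] == pkt["proto"])
            and (r["dport"] is None or pkt["dst"][1] == r["dport"])
            and (not r["established"] or pkt["ack"]))

def evaluate(rules, pkt, state):
    """Return (action, rule number) for pkt; first match wins, as in ipfw.
    `state` is the dynamic-rule table shared by packets of one session."""
    for r in rules:
        if r["action"] == "check-state":
            if flow_key(pkt) in state:
                return "allow", r["num"]  # dynamic rule made by keep-state
            continue
        if matches(r, pkt):
            if r["keep_state"]:
                state.add(flow_key(pkt))
            return r["action"], r["num"]
    return "deny", 65535  # implicit default rule

def ssh_handshake(rules):
    """Run the client's SYN and the server's SYN-ACK through the ruleset."""
    state = set()
    syn = dict(proto="tcp", src=CLIENT, dst=SERVER, ack=False)
    syn_ack = dict(proto="tcp", src=SERVER, dst=CLIENT, ack=True)
    return [evaluate(rules, p, state) for p in (syn, syn_ack)]

# The poster's rules that matter for SSH: the inbound SYN passes rule 301,
# but the SYN-ACK is addressed to the client's ephemeral port, not 22,
# so it falls through to rule 399 and the session never completes.
ORIGINAL = [rule(301, "allow", "tcp", dport=22), rule(399, "deny")]

# Fix 1: a low-numbered rule passing any TCP segment with ACK set.
WITH_ESTABLISHED = [rule(1, "allow", "tcp", established=True)] + ORIGINAL

# Fix 2: check-state first; the port-22 rule records the flow on match.
WITH_KEEP_STATE = [rule(1, "check-state"),
                   rule(301, "allow", "tcp", dport=22, keep_state=True),
                   rule(399, "deny")]
```

Calling `ssh_handshake()` on each ruleset shows the SYN-ACK denied by rule 399 in the original and allowed by rule 1 under either fix; note that `established` passes any ACK-bearing segment regardless of whether a session exists, whereas `check-state` only passes flows a `keep-state` rule already recorded.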