Ipfilter, what am I doing wrong?

Zbynek Houska zhouska at cz.foxconn.com
Wed Jun 4 21:21:04 CEST 2003


So I am still struggling with ipfilter, and my ipf.conf looks roughly like this:

#reject packets that make no sense and that we never want to accept
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
#loopback
pass in quick on lo0 all
pass out quick on lo0 all
#outgoing packets
pass out on fxp0 all head 10
block out from 127.0.0.1/8 to any group 10
block out from any to 127.0.0.1/8 group 10
block out from any to 10.17.194.108/32 group 10
#incoming packets
block in on fxp0 all head 20
block in from 127.0.0.1/8 to any group 20
block in from 10.17.194.108/32 to any group 20
pass in quick proto tcp from any to any port = 80 keep state group 20
pass in quick proto tcp/udp from any to any port = 137 keep state group 20
pass in quick proto tcp/udp from any to any port = 138 keep state group 20
pass in quick proto tcp/udp from any to any port = 139 keep state group 20
pass in quick proto tcp from any to any port = ssh keep state group 20
#refuse connections to services we do not provide
block return-rst in log proto tcp from any to any flags S/SA group 20
block return-icmp(net-unr) in proto udp all group 20

When I try to load these rules, I get this message:

2:ioctl(add/insert rule): Operation not supported by device
3:ioctl(add/insert rule): Operation not supported by device
5:ioctl(add/insert rule): Operation not supported by device
6:ioctl(add/insert rule): Operation not supported by device
8:ioctl(add/insert rule): Operation not supported by device
9:ioctl(add/insert rule): Operation not supported by device
10:ioctl(add/insert rule): Operation not supported by device
11:ioctl(add/insert rule): Operation not supported by device
13:ioctl(add/insert rule): Operation not supported by device
14:ioctl(add/insert rule): Operation not supported by device
15:ioctl(add/insert rule): Operation not supported by device
16:ioctl(add/insert rule): Operation not supported by device
17:ioctl(add/insert rule): Operation not supported by device
18:ioctl(add/insert rule): Operation not supported by device
19:ioctl(add/insert rule): Operation not supported by device
20:ioctl(add/insert rule): Operation not supported by device
22:ioctl(add/insert rule): Operation not supported by device
23:ioctl(add/insert rule): Operation not supported by device

Where could the problem be?

Zbynek
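The numbers in front of each "ioctl(add/insert rule)" line can be mapped back onto the rule file to see whether some rules load and others do not. The shell script below is an added example (not from the post and not part of ipfilter) that does exactly that: it embeds a constructed copy of the poster's rule file (comments translated, without the blank lines a mail client may have added) and the error output as posted, then marks each rule as accepted or rejected. It assumes that the N in "N:ioctl(...)" is the line number in the rule file as ipf read it, with comment lines counted; an error number that lands on a comment or blank line is flagged so that a numbering mismatch is visible.

```shell
#!/bin/sh
# Added example, not part of the original post: correlate the "N:ioctl(add/insert
# rule)" numbers printed by ipf with the lines of the rule file. Assumption: N is
# the line number in the file as ipf read it, comment lines included.

# Constructed copy of the poster's ipf.conf (comments translated, no blank lines).
RULES='#reject packets that make no sense and that we never want to accept
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
#loopback
pass in quick on lo0 all
pass out quick on lo0 all
#outgoing packets
pass out on fxp0 all head 10
block out from 127.0.0.1/8 to any group 10
block out from any to 127.0.0.1/8 group 10
block out from any to 10.17.194.108/32 group 10
#incoming packets
block in on fxp0 all head 20
block in from 127.0.0.1/8 to any group 20
block in from 10.17.194.108/32 to any group 20
pass in quick proto tcp from any to any port = 80 keep state group 20
pass in quick proto tcp/udp from any to any port = 137 keep state group 20
pass in quick proto tcp/udp from any to any port = 138 keep state group 20
pass in quick proto tcp/udp from any to any port = 139 keep state group 20
pass in quick proto tcp from any to any port = ssh keep state group 20
#refuse connections to services we do not provide
block return-rst in log proto tcp from any to any flags S/SA group 20
block return-icmp(net-unr) in proto udp all group 20'

# The stderr of "ipf -f ipf.conf" exactly as posted.
ERRORS='2:ioctl(add/insert rule): Operation not supported by device
3:ioctl(add/insert rule): Operation not supported by device
5:ioctl(add/insert rule): Operation not supported by device
6:ioctl(add/insert rule): Operation not supported by device
8:ioctl(add/insert rule): Operation not supported by device
9:ioctl(add/insert rule): Operation not supported by device
10:ioctl(add/insert rule): Operation not supported by device
11:ioctl(add/insert rule): Operation not supported by device
13:ioctl(add/insert rule): Operation not supported by device
14:ioctl(add/insert rule): Operation not supported by device
15:ioctl(add/insert rule): Operation not supported by device
16:ioctl(add/insert rule): Operation not supported by device
17:ioctl(add/insert rule): Operation not supported by device
18:ioctl(add/insert rule): Operation not supported by device
19:ioctl(add/insert rule): Operation not supported by device
20:ioctl(add/insert rule): Operation not supported by device
22:ioctl(add/insert rule): Operation not supported by device
23:ioctl(add/insert rule): Operation not supported by device'

# Line numbers that ipf complained about, one per line.
failed_lines() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\):ioctl(add\/insert rule).*/\1/p'
}

# One output line per rule: "FAILED n: rule" or "ok n: rule". An error number
# that lands on a comment or blank line is reported as MISMATCH: the file being
# read is not the file ipf loaded (e.g. blank lines inserted by a mail client).
report() {
    printf '%s\n' "$1" | awk -v errs="$(failed_lines "$2")" '
        BEGIN { n = split(errs, a, "\n"); for (i = 1; i <= n; i++) if (a[i] != "") bad[a[i]] = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ {
            if (NR in bad) print "MISMATCH " NR ": error reported for a comment/blank line"
            next
        }
        { print (NR in bad ? "FAILED" : "ok") " " NR ": " $0 }
    '
}

count_failed()   { report "$1" "$2" | grep -c '^FAILED '   || :; }
count_ok()       { report "$1" "$2" | grep -c '^ok '       || :; }
count_mismatch() { report "$1" "$2" | grep -c '^MISMATCH ' || :; }

report "$RULES" "$ERRORS"
printf 'rules rejected: %s, accepted: %s, mismatched: %s\n' \
    "$(count_failed "$RULES" "$ERRORS")" "$(count_ok "$RULES" "$ERRORS")" \
    "$(count_mismatch "$RULES" "$ERRORS")"
```

With the posted file and error output, all 18 rules are reported as FAILED, none as ok, and no error number hits a comment line, so the rejection is not tied to the syntax of any single rule: the kernel side refuses the add-rule ioctl for every rule alike. A useful next check is `ipf -n -f ipf.conf`, which parses the file without making any ioctl calls; if that is silent, the rule syntax is fine and the fault lies with the kernel or device side, not with the rules.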
