
IPF Rules

  • 12-01-2001 2:34pm
    #1
    Closed Accounts Posts: 13


    I'm trying to get some rules to work with IPF, but unfortunately they aren't working the way I'd like them to. I've read the HOW-TO, I will again, but.
    I want to allow all outgoing connections of UDP/ICMP/TCP with keep state used.
    I also want to return RESET packets to all non-state incoming TCP in order to hide the fact that I have a firewall, I want to return ICMP port unreachable messages to all incoming UDP and then block everything else. I've tried working out a ruleset for this but it just won't work right, some rule may work and the other won't, but not together. Any ideas? Thanks in advance. I'm sure someone knows how it could be done.


Comments

  • Registered Users, Registered Users 2 Posts: 3,280 ✭✭✭regi


    Ok... I might get this utterly arseways, so maybe ecksor or bedlam will correct me :)

    This is assuming you are on a dialup and that tun0 is your dialout device (if under Free/OpenBSD)

    > I want to allow all outgoing connections of
    > UDP/ICMP/TCP with keep state used.

    pass out quick on tun0 proto tcp from any to any keep state
    pass out quick on tun0 proto udp from any to any keep state
    pass out quick on tun0 proto icmp from any to any keep state

    > I also want to return RESET packets to all
    > non-state incoming TCP in order to hide the fact that I have a firewall

    block return-rst in on tun0 proto tcp from any to any

    > I want to return ICMP port unreachable messages to all incoming UDP

    block in on tun0 proto udp from any to any
    block in on tun0 proto icmp from any to any

    > and then block everything else.

    block in from any to any

    - I'm sure I've made some mistakes here, but it should help you get on your way.
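
An added example, not part of the thread or any poster's own ruleset: one way to write the policy asked for in the first post. IPF lets the last matching rule decide unless a rule carries `quick`, so a trailing catch-all block overrides an earlier `return-rst` rule that lacks it. The interface name tun0 is taken from the post above; the rest is an assumption about the setup.

```conf
# Added example ruleset (assumes tun0 is the external interface).
# IPF consults the state table first, then walks the rules top to bottom.
# Without "quick" the LAST matching rule decides, so every rule below
# uses "quick" to make its own action final.

# Outbound: create state so replies are admitted without inbound pass rules.
pass out quick on tun0 proto tcp  from any to any keep state
pass out quick on tun0 proto udp  from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Inbound TCP with no state entry: answer with a RST.
# "quick" keeps the final block rule from replacing this with a silent drop.
block return-rst in quick on tun0 proto tcp from any to any

# Inbound UDP with no state entry: answer with ICMP port unreachable.
# return-icmp-as-dest sends the ICMP from the address the packet was sent to,
# which is what a host with a closed port would do.
block return-icmp-as-dest(port-unr) in quick on tun0 proto udp from any to any

# Everything else arriving on tun0, unsolicited ICMP included, is dropped.
block in quick on tun0 from any to any
```

Reloading with `ipf -Fa -f <file>` and then reading the per-rule hit counters from `ipfstat -hi` shows which rule actually matched a given probe.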


  • Registered Users, Registered Users 2 Posts: 3,280 ✭✭✭regi


    There's a good tutorial here http://www.obfuscation.org/ipf/ipf-howto.txt


  • Closed Accounts Posts: 13 Bdellium


    Yes, I read the HOW-TO you mentioned and used those rules, but still it didn't work the way I wanted, maybe it's the version I have installed.
    block return-rst in quick on tun0 fastroute proto tcp from any to 20.20.20.0/32
    seems to crash the operating system IPF is running on.
    It crashes when receiving a TCP packet with the SYN flag. I know this doesn't really matter, but there are no errors given when loading this rule.
    Anyone know why?
    I'm sure there are many other things that could go wrong using the rules in IPF.

