Hello,
I have a "small" problem setting up a firewall.
FreeBSD box with Apache, dnscache, pure-ftpd, ipf.
When I enter the rules
pass in all
pass out all
I can log in with ftp via passive mode and the directory gets listed.
If, however, I use the rules
pass in quick proto tcp from any to 213.47.208.164 port = 21 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 21 keep state
pass in quick proto tcp from any port = 20 to 213.47.208.164 port >= 1024 keep state
pass out quick proto tcp from 213.47.208.164 port = 20 to any port >= 1024 keep state
pass in quick proto tcp from any to 213.47.208.164 port = 20 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 20 keep state
I can log in, but it does not list the directory.
Can someone please help me?
Thanks
Ron
The complete rules:
#
# Rule 0 (xl0)
#
#
block in log quick on xl0 from 213.47.208.164 to any
#
# Rule 0 (lo0)
#
#
pass in quick on lo0 proto icmp from any to any keep state
pass in quick on lo0 proto tcp from any to any keep state
pass in quick on lo0 proto udp from any to any keep state
pass in quick on lo0 from any to any
pass out quick on lo0 proto icmp from any to any keep state
pass out quick on lo0 proto tcp from any to any keep state
pass out quick on lo0 proto udp from any to any keep state
pass out quick on lo0 from any to any
#
# Rule 0 (global)
#
#
block in log quick from 10.0.0.0/8 to 213.47.208.164
block in log quick from 192.168.0.0/16 to 213.47.208.164
block in log quick from 172.16.0.0/12 to 213.47.208.164
#
# Rule 1 (global)
#
#
pass in quick proto tcp from any to 213.47.208.164 port = 21 keep state
#
# Rule 2 (global)
#
#
pass out quick proto tcp from 213.47.208.164 to any port = 21 keep state
#
# Rule 3 (global)
#
#
pass in quick proto tcp from any port = 20 to 213.47.208.164 port >= 1024 keep state
#
# Rule 4 (global)
#
#
pass out quick proto tcp from 213.47.208.164 port = 20 to any port >= 1024 keep state
#
# Rule 5 (global)
#
#
pass in quick proto tcp from any to 213.47.208.164 port = 20 keep state
#
# Rule 6 (global)
#
#
pass out quick proto tcp from 213.47.208.164 to any port = 20 keep state
#
# Rule 7 (global)
#
#
pass in quick proto tcp from any to 213.47.208.164 port = 80 keep state
#
# Rule 8 (global)
#
#
pass out quick proto tcp from 213.47.208.164 to any port = 80 keep state
#
# Rule 9 (global)
#
#
pass in quick proto tcp from any to 213.47.208.164 port = 53 keep state
pass in quick proto udp from any to 213.47.208.164 port = 53 keep state
#
# Rule 10 (global)
#
pass out quick proto tcp from 213.47.208.164 to any port = 53 keep state
pass out quick proto udp from 213.47.208.164 to any port = 53 keep state
#
# Rule 11 (global)
#
#
pass out quick proto tcp from 213.47.208.164 to any port = 22 keep state
#
# Rule 12 (global)
#
#
block in log quick from any to any
block out log quick from any to any
#
# Rule fallback rule
# fallback rule
#
block in quick from any to any
block out quick from any to any
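Added example (not part of Ron's post, and not ipf's own code): a toy first-match evaluator for the subset of ipf syntax used in the ruleset above. It replays the first packet of each connection a passive-mode and an active-mode FTP session opens and reports which rule decides it. The point it makes: in passive mode the client opens the data connection to a server-chosen high port, which none of the posted pass rules cover (rule 3 requires source port 20, rule 5 destination port 20), so the packet falls through to the catch-all "block in log quick from any to any" and the directory listing never arrives; the control connection on port 21 passes, which is why the login still works. The client address and the port numbers are constructed, the lo0 rules are collapsed to their two catch-all lines, and only the SYN direction is decided (real ipf's keep state would then admit the replies).

```python
"""Toy first-match evaluator for the ipf ruleset posted above (simplified model,
not ipf itself). Supported grammar, which covers every rule in the post:
  action dir [log] [quick] [on iface] [proto p] from A [port op n] to B [port op n] [keep state]
Only the first packet (SYN) of each connection is decided; flags, fragments,
groups and ICMP types are ignored.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Rules copied from the post; the lo0 block is reduced to its two catch-all lines.
IPF_RULES = """
block in log quick on xl0 from 213.47.208.164 to any
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any
block in log quick from 10.0.0.0/8 to 213.47.208.164
block in log quick from 192.168.0.0/16 to 213.47.208.164
block in log quick from 172.16.0.0/12 to 213.47.208.164
pass in quick proto tcp from any to 213.47.208.164 port = 21 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 21 keep state
pass in quick proto tcp from any port = 20 to 213.47.208.164 port >= 1024 keep state
pass out quick proto tcp from 213.47.208.164 port = 20 to any port >= 1024 keep state
pass in quick proto tcp from any to 213.47.208.164 port = 20 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 20 keep state
pass in quick proto tcp from any to 213.47.208.164 port = 80 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 80 keep state
pass in quick proto tcp from any to 213.47.208.164 port = 53 keep state
pass in quick proto udp from any to 213.47.208.164 port = 53 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 53 keep state
pass out quick proto udp from 213.47.208.164 to any port = 53 keep state
pass out quick proto tcp from 213.47.208.164 to any port = 22 keep state
block in log quick from any to any
block out log quick from any to any
"""

OPS = {"=": lambda a, b: a == b, ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    direction: str              # "in" or "out"
    iface: Optional[str]        # None = any interface
    proto: Optional[str]        # None = any protocol
    src: Optional[ipaddress.IPv4Network]   # None = "any"
    sport: Optional[tuple]      # (op, port) or None
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[tuple]
    text: str


@dataclass
class Packet:
    direction: str; iface: str; proto: str; src: str; sport: int; dst: str; dport: int


def _addr(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line):
    t = line.split()
    r, i, side = Rule(t[0], t[1], None, None, None, None, None, None, line), 2, None
    while i < len(t):
        w = t[i]
        if w in ("log", "quick"):           # logging and first-match flag: no effect on the decision
            i += 1
        elif w == "on":
            r.iface, i = t[i + 1], i + 2
        elif w == "proto":
            r.proto, i = t[i + 1], i + 2
        elif w == "from":
            r.src, side, i = _addr(t[i + 1]), "src", i + 2
        elif w == "to":
            r.dst, side, i = _addr(t[i + 1]), "dst", i + 2
        elif w == "port":                   # "port <op> <n>" binds to the preceding from/to side
            cmp = (t[i + 1], int(t[i + 2]))
            if side == "src":
                r.sport = cmp
            else:
                r.dport = cmp
            i += 3
        elif w == "keep":                   # "keep state": replies would be admitted by state
            i += 2
        else:
            raise ValueError(f"unsupported token {w!r} in: {line}")
    return r


def matches(r, p):
    return (r.direction == p.direction
            and (r.iface is None or r.iface == p.iface)
            and (r.proto is None or r.proto == p.proto)
            and (r.src is None or ipaddress.ip_address(p.src) in r.src)
            and (r.dst is None or ipaddress.ip_address(p.dst) in r.dst)
            and (r.sport is None or OPS[r.sport[0]](p.sport, r.sport[1]))
            and (r.dport is None or OPS[r.dport[0]](p.dport, r.dport[1])))


def decide(rules, p):
    """First matching rule wins (every rule in the post carries 'quick')."""
    for r in rules:
        if matches(r, p):
            return r.action, r.text
    return "block", "<implicit default>"


SERVER, CLIENT = "213.47.208.164", "198.51.100.7"   # client address is constructed (TEST-NET-2)


def ftp_session(mode, rules):
    """Decide the SYN of the control and data connection of one FTP session.
    Ephemeral ports 51234/51235 and the PASV port 49200 are constructed values."""
    control = Packet("in", "xl0", "tcp", CLIENT, 51234, SERVER, 21)
    if mode == "passive":   # PASV: server picks a high port, the CLIENT connects to it
        data = Packet("in", "xl0", "tcp", CLIENT, 51235, SERVER, 49200)
    else:                   # PORT: the SERVER connects from port 20 to the client's high port
        data = Packet("out", "xl0", "tcp", SERVER, 20, CLIENT, 51235)
    return {"control": decide(rules, control), "data": decide(rules, data)}


if __name__ == "__main__":
    rules = [parse_rule(l) for l in IPF_RULES.strip().splitlines()]
    for mode in ("passive", "active"):
        for name, (action, text) in ftp_session(mode, rules).items():
            print(f"{mode:7} {name:7} -> {action:5}  by: {text}")
```

Running it shows the passive data connection blocked by the global catch-all while the active-mode data connection passes on rule 4, which matches the symptom in the post (login works, listing hangs). The evaluator is first-match because every posted rule has quick; a ruleset without quick would need last-match semantics instead.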