ipfilter rule will not load

Aaron Siegel bulk_mail at siegel-tech.net
Tue Apr 25 17:19:10 UTC 2006 

Hello
I cannot get ipfilter to load any rules. When I type in the iptest command I 
receive the following output:
<root at hal># ipftest
no rules loaded

I used the example found in the /usr/share/examples directory I am unable to 
load the firewall. I have tried to load the file though

# ipf -Fa -f /etc/ipf.rules

I have posted my configuration bellow

Thank you
Aaron




Kernel
#IPFILTER
options         IPFILTER
options         IPFILTER_LOG
#options                IPFILTER_DEFAULT_BLOCK

/etc/rc.conf
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Dsn"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"


/etc/syslog.conf
security.*                                      /var/log/ipfilter.log
security.info                                   /var/log/firewall.info
security.notice                                 /var/log/firewall.notice
security.warning                                /var/log/firewall.warning
security.err                                    /var/log/firewall.err
 
/etc/ipf.rules (small excerpt)# Allow in standard www function because I have 
apache server
pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
pass in quick on dc0 proto udp from any to any port = 80 keep state

# Allow access to the zope server 8080
pass in quick on dc0 proto tcp from any to any port = 8080 flags S keep state
pass in quick on dc0 proto udp from any to any port = 8080 keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public Internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
#pass in quick on dc0 porto udp from any to any port = 23 keep state


# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
pass in quick on dc0 proto udp from any to any port = 22 keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a .denial of service. attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all

More information about the freebsd-questions mailing list