Re: [7.99.18] ipfilter

To: port-sparc64%netbsd.org@localhost
Subject: Re: [7.99.18] ipfilter
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sun, 19 Jul 2015 16:29:18 +0000 (UTC)

In article <55AB980B.3090606%systella.fr@localhost>,
BERTRAND JoÃ«l  <joel.bertrand%systella.fr@localhost> wrote:
>	Hello,
>
>	I'm not sure it's a sparc64 specific issue. Maybe I have done a mistake.
>
>	I use a blade2000 as a router. WAN is connected to gem0 by a WIMAX 
>modem. LAN's are connected to hme[0-3].
>
>	All but 2222/TCP (ssh) are closed from WAN. Thus, I have written in 
>/etc/ipf.conf :
>
>pass in from any to any
>pass out from any to any
>block in log on gem0 proto tcp \
>	from any to any port = 2222
>pass in log on gem0 proto tcp \
>	from rayleigh.systella.fr to any port = 2222
>pass in log on gem0 proto tcp \
>	from newton.systella.fr to any port = 2222
>pass in on hme0 to tap0:192.168.1.1 proto tcp \
>         from 192.168.10.250 port = 80 to any
>
>	If I understand, all connections to 2222/TCP are blocked when they 
>don't come from rayleigh and newton. But I see on console that some IPv4 
>(mainly from China) try to connect to my server on 2222/TCP port.
>
>	Where is my mistake ?

Start from the more specific rules and end in the more general.
I.e. flip the order, starting from the last rule going to the first.

christos

Follow-Ups:
- Re: [7.99.18] ipfilter
  - From: Christos Zoulas

References:
- [7.99.18] ipfilter
  - From: BERTRAND Joël

Prev by Date: Re: [7.99.20] Build error
Next by Date: Re: [7.99.18] ipfilter
Previous by Thread: [7.99.18] ipfilter
Next by Thread: Re: [7.99.18] ipfilter
Indexes:

Home | Main Index | Thread Index | Old Index