My trusted local hosts being blocked still prohibits me from implementing a much-needed IPFilter firewall.

Test scenario:
1) NIS+ client with IPF firewall - no unexpected blocks reported in ipmonlog
2) NIS+ replica with IPF firewall, 123.456.70.43, blocks packets from NIS+ master, 123.456.70.11, (as shown below) when NIS+ master executes "nisping -Ca" to synchronize replica.

ipmonlog:
18/07/2007 10:23:17.772529 2x eri0 @0:56 b 123.456.70.11,32772 -> 123.456.70.43,54491 PR tcp len 20 40 -R IN
18/07/2007 10:23:22.564677 eri0 @0:56 b 123.456.70.11,32772 -> 123.456.70.43,54491 PR tcp len 20 40 -R IN
18/07/2007 10:23:32.174862 eri0 @0:56 b 123.456.70.11,32772 -> 123.456.70.43,54491 PR tcp len 20 40 -R IN

Refer to the ipfstat display below.
The packets are blocked as described above with or w/o statements 46, 47, 48. Statements 40-48 were my attempt to say, "Pass in ANY packet from these trusted hosts, regardless of the flag being set."

Again, I hope that you will point out what I am missing!

Charles

ipfstat -in
@1 block in quick proto udp from any to 123.456.71.255/32 port = 631
@2 block in quick proto udp from any to 123.456.71.255/32 port = 137
@3 block in quick proto udp from any to 123.456.71.255/32 port = 138
@4 block in quick proto udp from any to 123.456.71.255/32 port = 139
@5 block in quick proto udp from any to 255.255.255.255/32
@6 block in quick proto tcp from any to any port = 135
@7 block in quick proto udp from any to any port = 137
@8 block in quick proto udp from any to any port = 138
@9 block in quick proto tcp from any to any port = 139
@10 block in quick proto udp from any to any port = 1026
@11 block in quick proto udp from any to any port = 1027
@12 block in quick proto 2 from any to 224.0.0.1/32
@13 block in quick proto tcp/udp from any to any port = 445
@14 block in quick proto tcp/udp from any to any port = 1433
@15 block in quick proto tcp/udp from any to any port = 1434
@16 block in quick proto tcp/udp from any to any port = 4899
@17 block in quick proto tcp/udp from any to any port = 3306
@18 pass in quick proto tcp from 123.456.68.1/32 to any keep state keep frags
@19 pass in quick proto udp from 123.456.68.1/32 to any keep state
@20 pass in quick proto tcp from 246.82.1.201/32 to any keep state keep frags
@21 pass in quick proto udp from 246.82.1.201/32 to any keep state
@22 pass in quick proto tcp from 246.82.1.202/32 to any keep state keep frags
@23 pass in quick proto udp from 246.82.1.202/32 to any keep state
@24 pass in quick proto tcp from 246.82.1.203/32 to any keep state keep frags
@25 pass in quick proto udp from 246.82.1.203/32 to any keep state
@26 pass in quick proto tcp from 246.82.1.204/32 to any keep state keep frags
@27 pass in quick proto udp from 246.82.1.204/32 to any keep state
@28 pass in quick proto tcp from 246.82.161.16/32 to any keep state keep frags
@29 pass in quick proto udp from 246.82.161.16/32 to any keep state
@30 pass in quick proto tcp from 246.82.247.34/32 to any keep state keep frags
@31 pass in quick proto udp from 246.82.247.34/32 to any keep state
@32 pass in quick proto tcp from 246.82.247.66/32 to any keep state keep frags
@33 pass in quick proto udp from 246.82.247.66/32 to any keep state
@34 pass in quick proto tcp from 246.82.247.98/32 to any keep state keep frags
@35 pass in quick proto udp from 246.82.247.98/32 to any keep state
@36 pass in quick proto tcp from 246.82.162.243/32 to any keep state keep frags
@37 pass in quick proto udp from 246.82.162.243/32 to any keep state
@38 pass in quick proto tcp from 246.82.162.242/32 to any keep state keep frags
@39 pass in quick proto udp from 246.82.162.242/32 to any keep state
@40 pass in quick proto tcp from 123.456.70.0/26 to any keep state keep frags
@41 pass in quick proto udp from 123.456.70.0/26 to any keep state
@42 pass in quick proto tcp from 123.456.70.64/27 to any keep state keep frags
@43 pass in quick proto udp from 123.456.70.64/27 to any keep state
@44 pass in quick proto tcp from 123.456.70.96/28 to any keep state keep frags
@45 pass in quick proto udp from 123.456.70.96/28 to any keep state
@46 pass in quick proto tcp from 123.456.70.0/26 to any flags FSRPAU/FSRPAU keep state keep frags
@47 pass in quick proto tcp from 123.456.70.64/27 to any flags FSRPAU/FSRPAU keep state keep frags
@48 pass in quick proto tcp from 123.456.70.96/28 to any flags FSRPAU/FSRPAU keep state keep frags
@49 pass in quick proto tcp from 123.456.0.0/16 to any port = 22 keep state keep frags
@50 pass in quick proto tcp from 246.82.0.0/16 to any port = 22 keep state keep frags
@51 pass in quick proto tcp from any port = 22 to any keep state keep frags
@52 pass in quick proto tcp from 111.200.54.241/32 to any port = 22 keep state keep frags
@53 pass in quick proto tcp from 222.115.209.28/32 to any port = 22 keep state keep frags
@54 pass in quick proto tcp from 333.169.43.83/32 to any port = 22 keep state keep frags
@55 pass in quick proto icmp from any to any
@56 block in log quick all
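Added example (editor's code, not part of the post or of IPFilter): a small parser that turns ipmon log lines of the shape shown above into structured records and joins them against an `ipfstat -in` listing, so that each blocked packet is reported next to the text of the rule that matched it (the `@0:56` in the log is group 0, rule 56). The sample log and rule lines below are constructed from the post's own obfuscated addresses; the field names, the `LogEntry` class and the `rst_only` check are assumptions of this example. Extracting the TCP flag column makes it visible that every logged packet here carries only the R (reset) flag, which is worth knowing when working out which pass rule should have matched.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input, shaped like the ipmon lines in the post.
IPMON_SAMPLE = """\
18/07/2007 10:23:17.772529 2x eri0 @0:56 b 123.456.70.11,32772 -> 123.456.70.43,54491 PR tcp len 20 40 -R IN
18/07/2007 10:23:22.564677 eri0 @0:56 b 123.456.70.11,32772 -> 123.456.70.43,54491 PR tcp len 20 40 -R IN
18/07/2007 10:23:32.174862 eri0 @0:56 b 123.456.70.11,32772 -> 123.456.70.43,54491 PR tcp len 20 40 -R IN
"""

# Constructed excerpt of an `ipfstat -in` listing (rule numbers as in the post).
IPFSTAT_SAMPLE = """\
@40 pass in quick proto tcp from 123.456.70.0/26 to any keep state keep frags
@46 pass in quick proto tcp from 123.456.70.0/26 to any flags FSRPAU/FSRPAU keep state keep frags
@55 pass in quick proto icmp from any to any
@56 block in log quick all
"""

IPMON_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+"
    r"(?:(?P<repeat>\d+)x\s+)?"          # "2x": ipmon collapsed identical lines
    r"(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"  # rule group and rule number that matched
    r"(?P<action>[bpnSL])\s+"            # b=block p=pass n=nomatch S=short L=log
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]*))?"        # TCP flag letters, e.g. "-R", "-S", "-AP"
    r"\s+(?P<direction>IN|OUT)\b"
)
IPFSTAT_RE = re.compile(r"^@(?P<num>\d+)\s+(?P<text>.*\S)\s*$")


@dataclass
class LogEntry:
    timestamp: str
    repeat: int
    iface: str
    group: int
    rule: int
    action: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    proto: str
    flags: str
    direction: str

    @property
    def rst_only(self) -> bool:
        """True for a bare TCP reset (no SYN/ACK), i.e. not a connection-opening packet."""
        return self.proto == "tcp" and self.flags == "R"


def _split_endpoint(endpoint: str):
    """'1.2.3.4,80' -> ('1.2.3.4', 80); an endpoint without a port yields None."""
    ip, sep, port = endpoint.partition(",")
    return ip, (int(port) if sep else None)


def parse_ipmon(text: str) -> List[LogEntry]:
    """Parse ipmon output; raise on any non-blank line the pattern does not understand."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = IPMON_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ipmon line: {line!r}")
        src_ip, src_port = _split_endpoint(m["src"])
        dst_ip, dst_port = _split_endpoint(m["dst"])
        entries.append(LogEntry(
            timestamp=f"{m['date']} {m['time']}",
            repeat=int(m["repeat"] or 1),
            iface=m["iface"], group=int(m["group"]), rule=int(m["rule"]),
            action=m["action"], src_ip=src_ip, src_port=src_port,
            dst_ip=dst_ip, dst_port=dst_port, proto=m["proto"],
            flags=m["flags"] or "", direction=m["direction"],
        ))
    return entries


def parse_ipfstat(text: str) -> Dict[int, str]:
    """Map rule number -> rule text from an `ipfstat -in` listing."""
    rules = {}
    for line in text.splitlines():
        m = IPFSTAT_RE.match(line)
        if m:
            rules[int(m["num"])] = m["text"]
    return rules


def count_by_rule(entries: List[LogEntry]) -> Dict[int, int]:
    """Packets per matching rule, honouring the 'Nx' repeat prefix."""
    counts: Counter = Counter()
    for e in entries:
        counts[e.rule] += e.repeat
    return dict(counts)


def annotate(entries: List[LogEntry], rules: Dict[int, str]) -> List[str]:
    """One human-readable line per log entry, with the matched rule's text attached."""
    out = []
    for e in entries:
        out.append(
            f"{e.timestamp} {e.action} {e.repeat}x {e.proto} "
            f"{e.src_ip}:{e.src_port} -> {e.dst_ip}:{e.dst_port} "
            f"flags={e.flags or '-'} {e.direction} @{e.group}:{e.rule} "
            f"[{rules.get(e.rule, 'rule not in listing')}]"
        )
    return out


if __name__ == "__main__":
    ents = parse_ipmon(IPMON_SAMPLE)
    rls = parse_ipfstat(IPFSTAT_SAMPLE)
    print("\n".join(annotate(ents, rls)))
    print("hits per rule:", count_by_rule(ents))
```

Feed it real output with `ipmon -n` and `ipfstat -in` redirected to files; the raise in `parse_ipmon` is deliberate, so a changed log format surfaces as an error rather than as silently dropped packets.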