Hi List, Yesterday I have configured a IP filter ruleset on Solaris 10, all day machine was working fine but at night our monitoring system start sending problem alerts for the machine running IP filter and when i tries to ssh the machine from one of the ALLOWED host it do not let me in.
I'll greatly appreciate any help in this regard. Here are the rules which i have used in /etc/ipf/ipf.conf # block all inbound packets. # block in from any to any # # pass through packets to and from localhost. # pass in from 127.0.0.1/32 to 127.0.0.1/32 # # allow a variety of individual Truested hosts to send any type of IP packet to any # other host. # pass in quick from xxx.xx.xx.xxx/32 to any keep state pass in quick from xxx.xx.xx.xxx/32 to any keep state # # Allow all ICMP pass in proto icmp from any to any # Allow all Radius pass in quick proto udp from any to any port = 1812 pass in quick proto udp from any to any port = 1813 # Allow FTP to collect CDRs pass in quick proto tcp from 10.254.160.0/24 to any port = 20 keep state pass in quick proto tcp from 10.254.160.0/24 to any port = 21 keep state # # Allow out all from this machine pass out quick from any to any keep state The only thing which was working but was also not perfect was ICMP and Radius ports, there was too much delay in ICMP. Thanks.
