installing ipfilter

2004-04-25 Thread Robert Storey
I wanted to do some experimenting with ipfilter, and strangely, I can't figure
out how to install it.

It doesn't seem to be installed. If I do which ipfilter or man ipfilter,
there's no indication of its existence. I tried locate ipfilter, and I do find
this:

  /usr/share/examples/ipfilter

  /usr/src/contrib/ipfilter

Neither of these appears to be what I need. I've looked in /usr/ports, and can't
find it there either.

I'm using 5.2-RELEASE.

best regards,
Robert
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: installing ipfilter

2004-04-25 Thread Senandung Mendonan
On Sun, 25 Apr 2004, Robert Storey wrote:

 I wanted to do some experimenting with ipfilter, and strangely, I can't
 figure out how to install it.

It's a kernel option, disabled by default. See /usr/src/sys/conf/NOTES,
look for 'IPFILTER'.

--mendonan
Yang mimpikan secangkir kopi panas dengan selimut..
 (Dreaming of a cup of hot coffee, and a blanket..)
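As an added illustration (not from the reply's author), the FreeBSD 5.x kernel options that the NOTES entry points at, together with the rc.conf lines that load a rule file at boot; MYKERNEL and /etc/ipf.rules are assumed names.

```conf
# /usr/src/sys/i386/conf/MYKERNEL  (assumed name of the custom kernel config)
options IPFILTER                # the ipf packet filter itself
options IPFILTER_LOG            # required for 'log' rules and ipmon(8)
options IPFILTER_DEFAULT_BLOCK  # drop packets no rule matches; ipf passes them otherwise

# /etc/rc.conf
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"   # assumed path of the rule file
ipmon_enable="YES"
ipmon_flags="-Ds"                 # send ipf log records to syslog
```

Without IPFILTER_DEFAULT_BLOCK a rule set is only fail-closed if it ends in an explicit block-all rule, as the sample rule set later in this thread does.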


RE: installing ipfilter

2004-04-25 Thread JJB
 to any port = 23 flags S keep state

# Allow out FBSD CVSUP function
pass out quick on dc0 proto tcp from any to any port = 5999 flags S keep state

# Allow out all icmp to public Internet
pass out quick on dc0 proto icmp from any to any keep state

# Allow out all ident to public Internet
#block out quick on dc0 proto tcp from any to any port = 113

# Allow out whois for LAN PC to public Internet
pass out quick on dc0 proto tcp from any to any port = 43 flags S keep state

# block ports that show on log and are ok to stop logging
# Deny tcp port 81 - hosts2 name server.  winme is doing this.
block out quick on dc0 proto tcp from any to any port = 81

# Block and log only the first occurrence of everything
# else that's trying to get out.
# This rule enforces the block all by default logic.
block out log first quick on dc0 all


#
# Interface facing Public internet  (Inbound Section)
# Interrogate packets originating from the public internet
# destined for this gateway server or the private network.
#

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on dc0 from 192.168.0.0/16  to any  #RFC 1918 private IP
block in quick on dc0 from 172.16.0.0/12   to any  #RFC 1918 private IP
block in quick on dc0 from 10.0.0.0/8      to any  #RFC 1918 private IP
block in quick on dc0 from 127.0.0.0/8     to any  #loopback
block in quick on dc0 from 0.0.0.0/8       to any  #loopback
block in quick on dc0 from 169.254.0.0/16  to any  #DHCP auto-config
block in quick on dc0 from 192.0.2.0/24    to any  #reserved for docs
block in quick on dc0 from 204.152.64.0/23 to any  #Sun cluster interconnect
block in quick on dc0 from 224.0.0.0/3     to any  #Class D & E multicast


# Block a bunch of different nasty things.
# That I don't want to see in the log
# Block frags
block in quick on dc0 all with frags

# Block short tcp packets
block in quick on dc0 proto tcp all with short

# block source routed packets
block in quick on dc0 all with opt lsrr
block in quick on dc0 all with opt ssrr

# Block nmap OS fingerprint attempts
# Log first occurrence of these so I can get their IP address
block in log first quick on dc0 proto tcp from any to any flags FUP

# Block anything with special options
block in quick on dc0 all with ipopts

# Block public pings
block in quick on dc0 proto icmp all icmp-type 8

# Block ident
#block in quick on dc0 proto tcp from any to any port = 113

# Block all Netbios service. 137=name, 138=datagram, 139=session
# Netbios is MS/Windows sharing services.
# Block MS/Windows hosts2 name server requests 81
block in log first quick on dc0 proto tcp/udp from any to any port = 137
block in log first quick on dc0 proto tcp/udp from any to any port = 138
block in log first quick on dc0 proto tcp/udp from any to any port = 139
block in log first quick on dc0 proto tcp/udp from any to any port = 81

# Allow traffic in from ISP's DHCP server. This rule must contain
# the IP address of your ISP's DHCP server as it's the only
# authorized source to send this packet type. Only necessary for
# cable or DSL configurations. This rule is not needed for
# 'user ppp' type connection to the public internet.
# This is the same IP address you captured and
# used in the outbound section.
pass in quick on dc0 proto udp from 168.170.21.152 to any port = 68 keep state

# Allow in standard www function because I have apache server
#pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID & PW are passed over public internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state

# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
#pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state


# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a 'denial of service' attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all

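To make the matching semantics of the rule set above concrete, here is an added toy evaluator (not ipf's code and not from the thread) that parses a constructed subset of those rules and applies ipfilter's last-match-wins / quick logic to sample packets; 'with', 'flags', 'icmp-type' and 'keep state' clauses are deliberately not modelled.

```python
import ipaddress

# Constructed subset of the thread's ipf rules; 'with', 'flags', 'icmp-type'
# and 'keep state' clauses are not modelled by this toy evaluator.
RULES = """
pass out quick on dc0 proto tcp from any to any port = 43
block out quick on dc0 proto tcp from any to any port = 81
block out log first quick on dc0 all
block in quick on dc0 from 10.0.0.0/8 to any
block in quick on dc0 from 192.168.0.0/16 to any
block in log first quick on dc0 proto tcp/udp from any to any port = 139
pass in quick on dc0 proto udp from 168.170.21.152 to any port = 68
block in log first quick on dc0 all
"""

def parse_rule(line):
    # 'port = N' after 'to any' is the destination port in these rules.
    t = line.split()
    rule = {"action": t[0], "dir": t[1], "log": "log" in t, "quick": "quick" in t,
            "iface": t[t.index("on") + 1], "proto": None, "src": None, "dport": None}
    if "proto" in t:
        rule["proto"] = t[t.index("proto") + 1].split("/")     # tcp/udp -> both
    if "from" in t and t[t.index("from") + 1] != "any":
        rule["src"] = ipaddress.ip_network(t[t.index("from") + 1])
    if "port" in t:
        rule["dport"] = int(t[t.index("port") + 2])
    return rule

def matches(rule, pkt):
    return (rule["dir"] == pkt["dir"] and rule["iface"] == pkt["iface"]
            and (rule["proto"] is None or pkt["proto"] in rule["proto"])
            and (rule["src"] is None or ipaddress.ip_address(pkt["src"]) in rule["src"])
            and (rule["dport"] is None or pkt.get("dport") == rule["dport"]))

def evaluate(rules, pkt):
    """ipfilter semantics: the LAST matching rule wins, except that a matching
    'quick' rule ends evaluation at once. With no match at all ipf passes the
    packet, which is why each section ends in an explicit 'block ... all'."""
    decision = ("pass", False)                     # (action, logged)
    for r in rules:
        if matches(r, pkt):
            decision = (r["action"], r["log"])
            if r["quick"]:
                break
    return decision

PARSED = [parse_rule(l) for l in RULES.strip().splitlines()]

def decide(direction, proto, src, dport=None, iface="dc0"):
    pkt = {"dir": direction, "iface": iface, "proto": proto, "src": src, "dport": dport}
    return evaluate(PARSED, pkt)
```

Note that a packet arriving on an interface no rule names (for example lo0) is passed, since nothing in the set matches it; only IPFILTER_DEFAULT_BLOCK or a rule without an 'on' clause would change that.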