[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firewall configuration on a router

To: Sewa AGBODJAN <sewa at cafe.tg>
Subject: Re: firewall configuration on a router
From: Brian Candler <B.Candler at pobox.com>
Date: Mon, 10 Jun 2002 15:29:14 +0100
Cc: afnog at afnog.org
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog-outgoing at afnog.org
Delivered-To: afnog at afnog.org
In-Reply-To: <19021970739.20020610135025 at cafe.tg>; from sewa at cafe.tg on Mon, Jun 10, 2002 at 01:50:25PM +0000
References: <19021970739.20020610135025 at cafe.tg>
Sender: owner-afnog at afnog.org
User-Agent: Mutt/1.2.5i

On Mon, Jun 10, 2002 at 01:50:25PM +0000, Sewa AGBODJAN wrote:
> Here is ipfw i wrote for ospf and rip
> 
> ipfw add pass ospf from any to any
> 
> 
> #Allow rip
> ipfw add pass udp from OUTSIDE INTERFACE 520  to any

That's only inbound of course - unless you have another rule allowing all
outbound UDP.

> Those rules are between
> 
>   ipfw add pass tcp from any to any established
>   and
>   ipfw add deny all from any to any

Have the new rules been loaded successfully? i.e. does "ipfw list" show the
rules you expect?

The other thing is that OSPF and RIP packets are sent to broadcast/multicast
addresses, so you may need to comment out

        ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
        ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}

or else move your OSPF/RIP rules before this.

> PS: How can i configure syslogd to write screen output directly in a file
> when using this rule ?

First, work out what syslog level they are being sent as: from 'man ipfw',

     log [logamount number]
             If the kernel was compiled with IPFIREWALL_VERBOSE, then when a
             packet matches a rule with the log keyword a message will be
             logged to syslogd(8) with a LOG_SECURITY facility.

Looking in the kernel source, they are logged as security.info

Then look in /etc/syslog.conf to see what syslog does with these.
You should find they are getting written to '/var/log/security' already.
Have a look in that file.

If what you're really asking is how to _stop_ these messages being logged to
the console, then you need to find which line in /etc/syslog.conf is also
matching these packets and sending them to the console. Post your
/etc/syslog.conf here if you can't find it.

After changing this file, do 'killall -1 syslogd' to make it re-read its
config file.

Regards,

Brian.

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

References:
- firewall configuration on a router
  - From: Sewa AGBODJAN <sewa at cafe.tg>
- firewall configuration on a router
  - From: Sewa AGBODJAN <sewa at cafe.tg>

Prev by Date: Fw: 0:190 ORG
Next by Date: Re: firewall configuration on a router
Prev by thread: firewall configuration on a router
Next by thread: Re: firewall configuration on a router
Index(es):
- Date
- Thread