Autor Thema: ipf: wie kann SSH durch?  (Gelesen 3438 mal)

xpucto

  • Gast
ipf: wie kann SSH durch?
« am: 16. Februar 2006, 17:29:47 »
Hallo!
Ich habe für mein ipf den flogenden ipf.conf geschrieben:
Zitat
# block short packets which are packets fragmented too short to be real.
block in log quick all with short

# block and log inbound and outbound by default, group by destination
block in log on bge0 from any to any head 100
block out log on bge0 from any to any head 200

# web rules that get hit most often
pass in quick on bge0 proto tcp from any to any port = 80 flags S keep state group 100
pass in quick on bge0 proto tcp from any to any port = 443 flags S keep state group 100

# inbound traffic - ssh, auth
pass in quick on bge0 proto tcp from any to any port = 22 flags S keep state group 100
pass in log quick on bge0 proto tcp from any to any port = 113 flags S keep state group 100
pass in log quick on bge0 proto tcp from any port = 113 to any flags S keep state group 100

# outbound traffic - DNS, auth, NTP, ssh, WWW, smtp
pass out quick on bge0 proto tcp/udp from any to any port = domain flags S keep state group 200
pass in quick on bge0 proto udp from any port = domain to any group 100
pass out quick on bge0 proto tcp from any to any port = 113 flags S keep state group 200
pass out quick on bge0 proto tcp from any port = 113 to any flags S keep state group 200
pass out quick on bge0 proto udp from any to any port = ntp group 200
pass in quick on bge0 proto udp from any port = ntp to any port = ntp group 100
pass out quick on bge0 proto tcp from any to any port = ssh flags S keep state group 200
pass out quick on bge0 proto tcp from any to any port = 80 flags S keep state group 200
pass out quick on bge0 proto tcp from any to any port = 443 flags S keep state group 200
pass out quick on bge0 proto tcp from any to any port = smtp flags S keep state group 200

# pass icmp packets in and out
#pass in quick on bge0 proto icmp from any to any keep state group 100
#pass out quick on bge0 proto icmp from any to any keep state group 200

# block and ignore NETBIOS packets
block in quick on bge0 proto tcp from any to any port = 135 flags S keep state group 100
block in quick on bge0 proto tcp from any port = 137 to any flags S keep state group 100
block in quick on bge0 proto udp from any to any port = 137 group 100
block in quick on bge0 proto udp from any port = 137 to any group 100
block in quick on bge0 proto tcp from any port = 138 to any flags S keep state group 100
block in quick on bge0 proto udp from any port = 138 to any group 100
block in quick on bge0 proto tcp from any port = 139 to any flags S keep state group 100
block in quick on bge0 proto udp from any port = 139 to any group 100
Das Problem ist, dass danach geht ssh nicht mehr durch. Versteht jemand warum?
Oder hätte jemand ein ipf.conf Beispiel für ein Webserver mit SSH?
Danke.
XpucTo

sonnenblen.de - Das unabhängige Sun User Forum

ipf: wie kann SSH durch?
« am: 16. Februar 2006, 17:29:47 »