IPFilter strange behaviour

jreypo — Thu, 08 Oct 2009 08:24:05 GMT

Hi guys. I'm setting up an IPFilter version 15 in a 11.31 host with the following ruleset:

---
# Block any incoming packet with IP options set
block in log quick all with ipopts

# Allow any connection initiated from the host
pass out quick proto icmp all keep state
pass out quick proto tcp all keep state
pass out quick proto udp all keep state

# Allow incoming connections from the data-protector cluster
pass in log quick on lan0 from dpphost01 to any
pass in log quick on lan0 from dpphost02 to any

# Block any other connection
block in all
---

But when I try to ssh from any other host than the DPP cluster the connection is stablished.

I check the kernel modules and they are loaded. The ipfstat -io command shows everything OK:

---
[root@artemisa] / # ipfstat -io
pass out quick proto icmp from any to any keep state
pass out quick proto tcp from any to any keep state
pass out quick proto udp from any to any keep state
block in log quick from any to any with ipopt
pass in log quick on lan0 from 10.31.4.75/32 to any
pass in log quick on lan0 from 10.31.4.76/32 to any
block in from any to any
[root@artemisa] / #
---

I have little experience with IPFilter so any comment would be welcome.

--
JMR

Re: IPFilter strange behaviour

Fred K. Abell Jr._1 — Thu, 22 Oct 2009 13:40:44 GMT

Try this for a pass in filter for ssh.

#Allow SecureShell incoming connections
pass in quick on lan0 proto tcp from <> to any port = 22 flags S keep state keep frags

Works for me!
Fred

Re: IPFilter strange behaviour

jreypo — Thu, 22 Oct 2009 14:58:27 GMT

Thx for the answer Fred. I tried to do as you said and it worked :-)

Rgrds,
---
JMR

topic Re: IPFilter strange behaviour in Operating System - HP-UX

IPFilter strange behaviour

Re: IPFilter strange behaviour

Re: IPFilter strange behaviour