Fwd: IPFilter 4.1.13 on Solaris 8

02-09-2007
boxyzzy@netscape.net


I have yet to receive any responses to this situation. I surely would
appreciate guidance that anyone may offer. I am hesitant to pursue a
new release, for historically this situation follows uncorrected.


-----Original Message-----
From: boxyzzy@netscape.net
To: ipfilter@coombs.anu.edu.au
Sent: Thu, 4 Jan 2007 8:33 AM
Subject: IPFilter 4.1.13 on Solaris 8

I am attempting to deploy IPFilter 4.1.13 on Solaris 8 systems.

I was unable to deploy IPFilter 4.1.8 due to my trusted computers being
blocked by OOW conditions.
So, I tried IPFilter 4.1.13. Again OOW conditions prevented deployment.
Then I rebuilt IPFilter 4.1.13 with (hopefully) no OOW blocking.

Was:
ip_fil.h:#define FI_OOW 0x0800 /* Out of state window, ... */
Is:
ip_fil.h:#define FI_OOW 0x0000 /* Out of state window, ... */

My logic, though arguably faulty, is that I am apparently living okay
with (alleged) OOW conditions without IPFilter.
I need the protection of IPFilter now.

This modification to IPFilter ran on a test computer for weeks without
any unexpected blocks.
Then when I attempted to deploy it, IPFilter started blocking my
trusted computers. My intent, as shown by these config statements, is
to NEVER block any traffic from any computers on my subnet
(123.456.78.01 - 123.456.78.99):

 pass in quick proto tcp from 123.456.78.0/26 to any flags S keep
 pass in quick proto udp from 123.456.78.0/26 to any keep state
 pass in quick proto tcp from 123.456.78.64/27 to any flags S keep state
 pass in quick proto udp from 123.456.78.64/27 to any keep state
 pass in quick proto tcp from 123.456.78.96/28 to any flags S keep state
 pass in quick proto udp from 123.456.78.96/28 to any keep state

However, as shown below from ipmon logs, sometimes traffic from
123.456.78.xx computers is being blocked.

I hope that someone can see what I am missing.

This situation prohibits me from deploying the much needed IPFilter
firewall.

-------------------------------------------------------------------------

Computer 123.456.78.11:
29/11/2006 12:16:35.785428 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:36.713333 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:38.583342 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:42.333484 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:49.834710 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:17:04.833742 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN

Computer 123.456.78.43:
28/11/2006 20:18:07.266794 eri0 @0:18 b 123.456.78.11,33204 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
28/11/2006 20:18:10.632686 eri0 @0:18 b 123.456.78.11,33204 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
28/11/2006 20:18:17.382736 eri0 @0:18 b 123.456.78.11,33204 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN

.... records deleted ...

29/11/2006 07:54:58.685624 eri0 @0:18 b 123.456.78.47,40404 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 07:55:03.530294 eri0 @0:18 b 123.456.78.47,40404 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 07:55:13.240332 eri0 @0:18 b 123.456.78.47,40404 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 07:55:32.661388 eri0 @0:18 b 123.456.78.47,40404 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN

.... records deleted ...

29/11/2006 08:18:55.785726 eri0 @0:18 b 123.456.78.68,39750 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 08:19:00.637141 eri0 @0:18 b 123.456.78.68,39750 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 08:19:10.367237 eri0 @0:18 b 123.456.78.68,39750 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 08:19:29.827933 eri0 @0:18 b 123.456.78.68,39750 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN

.... records deleted ...

29/11/2006 09:00:15.181563 eri0 @0:18 b 123.456.78.76,38799 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 09:00:20.037385 eri0 @0:18 b 123.456.78.76,38799 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 09:00:29.767323 eri0 @0:18 b 123.456.78.76,38799 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN
29/11/2006 09:00:49.229308 eri0 @0:18 b 123.456.78.76,38799 -> 123.456.78.43,33287 PR tcp len 20 40 -AF IN

.... records deleted ...



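Added example, not part of the original post: a Python triage of the first ipmon group quoted above (wrapped lines rejoined). It groups blocked TCP packets by flow and reports, per flow, the blocking rule, whether the flags are a bare SYN (the only segment a "flags S" rule matches), and whether the timestamps look like one segment being retransmitted with back-off. The name triage and the 1.5x to 2.5x back-off tolerance are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime
# First ipmon group from the post, wrapped lines rejoined (addresses as posted).
SAMPLE = """\
29/11/2006 12:16:35.785428 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:36.713333 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:38.583342 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:42.333484 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:16:49.834710 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
29/11/2006 12:17:04.833742 eri0 @0:18 b 123.456.78.59,52740 -> 123.456.78.11,32772 PR tcp len 20 40 -AF IN
"""

# date time iface @group:rule action src,port -> dst,port PR proto len hlen plen -FLAGS dir
LINE = re.compile(
    r"(?P<ts>\S+ \S+) \S+ @(?P<rule>\d+:\d+) (?P<act>\S+) "
    r"(?P<src>\S+?),(?P<sport>\d+) -> (?P<dst>\S+?),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ \d+(?: -(?P<flags>[A-Z]+))? (?:IN|OUT)"
)

def triage(text):
    """Group blocked TCP packets by flow and summarise each flow."""
    flows = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["act"] != "b" or m["proto"] != "tcp":
            continue
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S.%f")
        key = (m["src"], m["sport"], m["dst"], m["dport"], m["flags"] or "", m["rule"])
        flows[key].append(ts)
    out = []
    for (src, sport, dst, dport, flags, rule), times in flows.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        ratios = [b / a for a, b in zip(gaps, gaps[1:]) if a > 0]
        out.append({
            "flow": f"{src},{sport} -> {dst},{dport}",
            "rule": f"@{rule}",
            "flags": flags,
            "count": len(times),
            # "flags S" matches only a bare SYN; other segments need a state entry.
            "syn_only": flags == "S",
            # Gaps that roughly double mean one segment retransmitted with back-off.
            "backoff": len(ratios) >= 2 and all(1.5 <= r <= 2.5 for r in ratios),
            "gaps": [round(g, 2) for g in gaps],
        })
    return out

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On the six lines above it reports a single flow, flags AF, blocked six times at @0:18, with gaps of about 0.93, 1.87, 3.75, 7.5 and 15 seconds between blocks.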