Questions tagged [ipfw]

IPFW is a native firewall built into FreeBSD.

IPFW is a stateful firewall included in the basic FreeBSD install as a kernel loadable module and supports both IPv4 and IPv6. It is comprised of several components: the kernel firewall filter rule processor and its integrated packet accounting facility, the logging facility, NAT, the dummynet(4) traffic shaper, a forward facility, a bridge facility, and an ipstealth facility.

61 questions
1
vote
3 answers

Will dropping only SYN packets improve or decrease firewall performance?

I'm setting ipfw, and the following was suggested to me: If I make the rule only to drop SYN packets for TCP, no connection could be established and the firewall won't even have to look at other packets. It seems counterintuitive to me. I think…
Barnaba
1
vote
2 answers

ipfw not delaying requests on localhost (OS X)

I'm trying to add some latency to a connection to a webapp running on localhost:8080 (Tomcat). I've tried adding the following: sudo ipfw pipe 1 config delay 500ms sudo ipfw add 1 pipe 1 dst-port 8080 But in the browser I'm watching requests to the…
Bradley
1
vote
1 answer

ipfw rule to forward all traffic through a local proxy

I want to set up a local http proxy for testing and stubbing apps that make external api calls over http. I'm not sure the best way to do this with ipfw, I want to run my proxy as a particular user, then redirect all http traffic to this proxy, but…
olivernn
1
vote
0 answers

Freebsd, ipfw sched - config type = QFQ get frozen

I have some freebsd soft-router $uname -r 8.2-STABLE code for ipfw: pipe 50 config bw 70Mbit/s sched 50 config type QFQ queue 502 config sched 50 weight 1 mask dst-ip 0xffffffff queue 501 config sched 50 weight 9 mask dst-ip 0xffffffff add…
Korjavin Ivan
1
vote
1 answer

Recovering a server from being an open relay

One of our Mac Pro machines running Apache was inadvertently acting as a forward proxy with a public IP, after some organisation proxy rules changed. Consequently it was discovered by spammers and since then has been hammered on all sorts of ports…
brass-kazoo
1
vote
2 answers

Snow Leopard Server on Macbook Pro

I currently use my MBP7,1 as my primary computer, running 10.6 and Win7. I would like to switch to OSX Server so I can have a bit more control over the network services and ipfw. Is it possible to run OSX Server on a laptop? If so, will anything…
neoice
1
vote
3 answers

Transparent proxying leaves sockets with SYN_RCVD in MacOS X 10.6 Snow Leopard (and maybe FreeBSD)

I'm trying to create a transparent proxy on my MacOS machine in order to port the sshuttle ssh-based transproxy VPN from Linux. I think I almost have it working, but sadly, almost is not 100%. Short version is this. In one window, start something…
apenwarr
1
vote
1 answer

ipfw testing without blocking the FreeBSD server in the case of ipfw error

I'm a newbie with ipfw, trying to learn it and testing its commands on a server running FreeBSD. Every time I run an ipfw command via SSH with a syntax error/typo and then restart the ipfw service, the server becomes blocked for me and I can't work…
stckvrw
1
vote
0 answers

Equivalent ipfw config for firewalld

On a system managed by firewalld it is possible to redirect incoming traffic on 443 to 8443 so the process listening doesn't have to run as root to bind to 443 which requires root. firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443 I…
washcloth
0
votes
0 answers

After enable rules of ipfw my server collapsed

I enabled ipfw rules on my mail server. After some time the server collapsed. In /var/log/messages there is no information about the damage. But when I connected a monitor, I saw some trouble with swap: swap_pager: indefinite wait buffer Then I entered…
0
votes
0 answers

ipfw not send mail to another domain

I configure ipfw for a local mail server. Everything works fine, but after a while (from one and a half days to a couple of hours) incorrect work is observed: mail from other domains comes, but mail does not go from my mailer to another domain.…
0
votes
0 answers

ipfw blocks IPs not in table

FreeBSD this_server 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 24 18:49:24 UTC 2016 IPFW seems to be full of ghosts for me. Here is an example. First the evidence of blocking with my IP sanitized: security.2.bz2:Feb 5 02:12:26…
gariac
0
votes
1 answer

redirect IP on osx

On my Mac OS X (10.6.8) I'd like to make all requests for 111.111.111.111 go to 222.222.222.222 for all ports. To test this, I have a webserver at 222.222.222.222:80 which will respond with a page for any host.…
cherouvim
0
votes
1 answer

using pf for packet filtering and ipfw's dummynet for bandwidth limiting at the same time

I would like to ask if it's fine to use pf for all packet filtering (including using altq for traffic shaping) and ipfw's dummynet for bandwidth limiting certain IPs or subnets at the same time. I am using FreeBSD 10 and I couldn't find a definitive…
krdx
0
votes
1 answer

FreeBSD 10 IPFW IPv6

I'm struggling to allow IPv6 connections on my FreeBSD 10 server. I have a working IPv6 connection. But IPFW blocks all the IPv6 traffic. #!/bin/sh # # flush existing rules ipfw -q flush # allow established connections ipfw -q add 1 check-state #…
MathiasB