OpenForum RSS: stateful ipfw: ipfw_install_state: entry already present

stateful ipfw: ipfw_install_state: entry already present (0rt)

Thu, 24 Nov 2011 04:50:31 GMT

�� :

add allow icmp from any to any

add check-state
add divert natd tcp from 192.168.0.0/16 to any 22,25,110,143,465,587,993,995,7000,7001,7005 out xmit bce1 keep-state
add divert natd udp from 192.168.0.0/16 to any 7000,7001,7005 out xmit bce1 keep-state
add divert natd ip from 192.168.89.8/32,192.168.89.254/32 to any out xmit bce1 keep-state
add deny ip from any to any frag
add deny tcp from any to any established

# ��
add deny ip from any to 192.168.0.0/16 in recv bce1
add deny ip from 192.168.0.0/16 to any in recv bce1
add deny ip from any to 172.16.0.0/12 in recv bce1
add deny ip from 172.16.0.0/12 to any in recv bce1
add deny ip from any to 10.0.0.0/8 in recv bce1
add deny ip from 10.0.0.0/8 to any in recv bce1
add deny ip from any to 169.254.0.0/16 in recv bce1
add deny ip from 169.254.0.0/16 to any in recv bce1

add allow tcp from any to any ssh setup keep-state
add allow tcp from any to XXX.XXX.XXX.66 53 setup keep-state
ad

stateful ipfw: ipfw_install_state: entry already present (Golub Mikhail)

Mon, 21 Nov 2011 07:32:08 GMT

>> �� , ��, �� . ��
>> � ��, �� № 02200 ��. ��, ��, �� ӣ ��
>> ��, �� .
> �� -�� - �� keep-state �� .
> keep-state �� , �� "��". ��
> �� -�� "� �� ".

�� , �� ... �� , �� .
�� .

�� , NAT-� ��.

00100 check-state
00200 allow tcp from any to any established
00300 allow ip from any to any via lo0
00400 deny log ip from any to any not verrevpath in via em0
00500 deny tcp from table(5) to me dst-port 25
00600 allow tcp from table(3) to me dst-port 22 setup
01000 allow icmp from any to any
01100 allow tcp from table(3) to me dst-port 21 setup
01200 allow tcp from any to me dst-port 49152-65535 setup
01400 allow tcp from any to me dst-port 25 setup
01500 allow tcp from any to m

stateful ipfw: ipfw_install_state: entry already present (Square)

Sat, 19 Nov 2011 07:10:18 GMT

> �� , ��, �� . ��
> � ��, �� № 02200 ��. ��, ��, �� ӣ ��
> ��, �� .

�� -�� - �� keep-state �� .
keep-state �� , �� "��". �� -�� "� �� ".

stateful ipfw: ipfw_install_state: entry already present (0rt)

Fri, 18 Nov 2011 23:42:54 GMT

�� , ��, �� . �� , �� № 02200 ��. ��, ��, �� ӣ �� , �� .

stateful ipfw: ipfw_install_state: entry already present (Square)

Fri, 18 Nov 2011 16:14:50 GMT

>[�� ]
> 02100 allow ip from any to any out xmit bce1 setup keep-state
> 02200 allow ip from any to any out xmit bce0 setup keep-state
> 02300 allow ip from any to XXX.XXX.XXX.66 dst-port 53 keep-state
> 02400 allow tcp from any to XXX.XXX.XXX.68 dst-port 20,21,80,443 setup keep-state
> 02500 allow tcp from any to XXX.XXX.XXX.69 dst-port 443,5222,5223 setup keep-state
> 02600 allow icmp from any to any keep-state
> 02700 deny log ip from any to any
> IPFW ��, �� :
> ipfw: ipfw_install_state: entry already present, done
> � ޣ� � �� ?

http://www.google.ru/search?hl=ru&source=hp&biw=1235&bih=437&q=ipfw%3A+ipfw_install_state%3A+entry+already+present%2C+done&gbv=2&oq=ipfw%3A+ipfw_install_state%3A+entry+already+present%2C+done&aq=f&aqi=&aql=&gs_sm=e&gs_upl=1904l1904l0l2295l1l1l0l0l0l0l185l185l0.1l1l0