etc/rc.firewall
[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) | ||||
# logged (in /var/log/security). | # logged (in /var/log/security). | ||||
# firewall_nologports: List of TCP/UDP ports for which | # firewall_nologports: List of TCP/UDP ports for which | ||||
# denied incoming packets are not | # denied incoming packets are not | ||||
# logged. | # logged. | ||||
# Allow packets for which a state has been built. | # Allow packets for which a state has been built. | ||||
${fwcmd} add check-state | ${fwcmd} add check-state | ||||
# Reassemble UDP packets. This fixes DNSSEC, important for accessing | |||||
# e.g. FreeBSD.org services with local_unbound resolver | |||||
${fwcmd} add reass udp from any to any in | |||||
rgrimes: This rule needs to be moved before the check-state such that check-state can see the reassembled packet and not the packet fragments.
# For services permitted below. | # For services permitted below. | ||||
${fwcmd} add pass tcp from me to any established | ${fwcmd} add pass tcp from me to any established | ||||
# Allow any connection out, adding state for each. | # Allow any connection out, adding state for each. | ||||
${fwcmd} add pass tcp from me to any setup keep-state | ${fwcmd} add pass tcp from me to any setup keep-state | ||||
${fwcmd} add pass udp from me to any keep-state | ${fwcmd} add pass udp from me to any keep-state | ||||
${fwcmd} add pass icmp from me to any keep-state | ${fwcmd} add pass icmp from me to any keep-state | ||||
if [ $ipv6_available -eq 0 ]; then | if [ $ipv6_available -eq 0 ]; then | ||||
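Review bot: the new `${fwcmd} add reass udp from any to any in` rule is placed after `${fwcmd} add check-state`, so the reassembled datagram is never seen by the dynamic-rule lookup; only the raw fragments reach check-state, and non-first fragments carry no UDP header, so a fragmented reply to a `keep-state` query (exactly the large DNSSEC answers the comment says this is meant to fix) cannot match its state entry and falls through. Moving the reass rule above the check-state line, as rgrimes suggests, makes the reassembled packet visible to it. A second point worth confirming before this lands: ipfw(8) documents that after `reass` the reassembled packet continues to the next rule only when net.inet.ip.fw.one_pass is 0; with the default value of 1 the search terminates and the reassembled packet is accepted outright, so in this position it would bypass every rule that follows rather than being filtered. Also note that `reass` handles IPv4 fragments only, so the `ipv6_available` branch that follows gets no equivalent treatment; the comment on the rule should say so.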