Can IPFW be bypassed? And if so what workaround do I need to fix that? Sorry if it has been asked before, a search of IPFW+bypass has few relevant results...
I haven't put any energy into installing IPFW before because my desktop is behind a firewall. But now, I'm configuring a new system which won't be behind a firewall that I control so adding one of FreeBSD's firewall ports would certainly be of big help. While experimenting with IPFW, I added rules so that I have DENY ALL INGOING/OUTGOING by default, and I add ALLOW for outgoing ports that I need one at a time. I use the SECURITY log to detect packets blocked by IPFW so I can adjust my rules.
I noticed that my VirtualBox VMs aren't blocked by IPFW. These VMs use the network bridged adaptor so their IPv4 address is in the same local network as my actual local network. However, I did consider these individual IPv4 addresses when creating my rules. This setup is using FreeBSD 10.1. The other system is a FreeBSD 10.3, and it's the SSH traffic that bypasses IPFW. I have very similar IPFW rules for that second system.
I do have:
allow ip from any to any via lo0
as the first rule. Would that one be my bypass issue?
Is there something that would send the TCP/IP traffic to IPFW first, then the other subsystems?
Thanks!
Dominique.