Hello,
Someone can tell my why can not I use pkg update with these firewall rules ? Port 80 in/out is open. When i turn off ipwf everything works like a charm.
And got errow with ipfw enabled:
Someone can tell my why can not I use pkg update with these firewall rules ? Port 80 in/out is open. When i turn off ipwf everything works like a charm.
Code:
00010 allow ip from any to any via lo0
00101 check-state
00110 allow tcp from me to any dst-port 53 out via em0 setup keep-state
00111 allow udp from me to any dst-port 53 out via em0 keep-state
00120 allow udp from me 68 to any dst-port 67 out via em0 keep-state
00200 allow tcp from any to any dst-port 80 out via em0 setup keep-state #<--- www
00220 allow tcp from any to any dst-port 443 out via em0 setup keep-state
00230 allow tcp from any to any dst-port 25 out via em0 setup keep-state
00231 allow tcp from any to any dst-port 465 out via em0 setup keep-state
00232 allow tcp from any to any dst-port 587 out via em0 setup keep-state
00250 allow icmp from any to any out via em0 keep-state
00270 allow udp from any to any dst-port 123 out via em0 keep-state
00280 allow tcp from any to any dst-port 22 out via em0 setup keep-state
00299 deny log logamount 10 ip from any to any out via em0
00310 allow icmp from any to any in via em0
00330 deny ip from any to any frag in via em0
00332 deny tcp from any to any established in via em0
00350 allow udp from any 53 to me in via em0
00360 allow tcp from any 53 to me in via em0
00370 allow udp from any 67 to me dst-port 68 in via em0 keep-state
00400 allow tcp from any to me dst-port 80 in via em0 keep-state #<--- www
00410 allow tcp from any to me dst-port 443 in via em0 keep-state
01000 deny ip from table(22) to any
56420 allow tcp from any to me dst-port 22 in via em0 setup limit src-addr 2
56530 allow tcp from any to any dst-port 25 in via em0 setup keep-state
56531 allow tcp from any to any dst-port 465 in via em0 setup keep-state
56532 allow tcp from any to any dst-port 587 in via em0 setup keep-state
56599 deny log logamount 10 ip from any to any in via em0
65535 allow ip from any to any
Code:
pkg: Repository FreeBSD load error: access repo file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory