[Macsec] IPFW with IPFIREWALL_DEFAULT_TO_ACCEPT
- Subject: [Macsec] IPFW with IPFIREWALL_DEFAULT_TO_ACCEPT
- From: Léonard BUTTAY [EMAIL PROTECTED]
- Date: Fri, 22 Mar 2002 11:49:04 +0100
Hi folks,
It looks like Apple's people use the IPFIREWALL_DEFAULT_TO_ACCEPT option
when they build Darwin, as shown by the "ipfw list" command after an "ipfw
flush".
[localhost:~] leo% sudo ipfw list
65535 allow ip from any to any
I'm trying to change this to DEFAULT_TO_DENY style firewall.
So, at the end of my rules I add a "65534 deny ip from any to any".
[localhost:~] leo% sudo ipfw list
00005 divert 8668 ip from any to any via ppp0
01000 allow ip from any to any via lo0
02000 allow ip from any to any via en0
03001 allow tcp from any to any 80 out
...
65534 deny log ip from any to any
65535 allow ip from any to any
But the problem is that some packets seem to bypass this deny-all rule as
shown by an "ipfw show" command.
[localhost:~] leo% sudo ipfw show
00005 435 115139 divert 8668 ip from any to any via ppp0
01000 866 100992 allow ip from any to any via lo0
02000 119 7198 allow ip from any to any via en0
03001 119 16227 allow tcp from any to any 80 out
...
65534 4 176 deny log ip from any to any
65535 460 48181 allow ip from any to any
Can any of you explain to me what is happening?
Thanks
Leo
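The following is an added example, not code from the original post or from Darwin's ipfw. It parses the `ipfw show` line format used above (rule number, packet count, byte count, rule body), checks whether a catch-all deny sits in front of the fixed default rule 65535, and reports how many packets 65535 still counted. The two listings embedded in it are constructed: the first copies the numbers from the post (with the "..." lines left out), the second is a made-up default-accept ruleset for comparison.

```python
"""Audit an `ipfw show` listing for default-deny posture.

Added example, not code from the original post.  It parses the
`ipfw show` line format (rule number, packet count, byte count, rule
body), checks whether a catch-all deny precedes the fixed default rule
65535, and reports how many packets that default rule still counted.
"""
import re
from dataclasses import dataclass

DEFAULT_RULE = 65535  # ipfw's fixed, undeletable last rule

# Constructed sample in `ipfw show` format.  The numbers are copied from
# the post; the lines the post elides with "..." are simply left out.
SAMPLE_SHOW = """\
00005 435 115139 divert 8668 ip from any to any via ppp0
01000 866 100992 allow ip from any to any via lo0
02000 119 7198 allow ip from any to any via en0
03001 119 16227 allow tcp from any to any 80 out
65534 4 176 deny log ip from any to any
65535 460 48181 allow ip from any to any
"""

# Constructed listing with no catch-all deny: the default-accept shape
# that `ipfw list` shows right after `ipfw flush`, plus one allow rule.
SAMPLE_OPEN = """\
02000 12 800 allow ip from any to any via en0
65535 3 180 allow ip from any to any
"""

LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$")
# A catch-all deny: deny/drop, optionally logged, on ip from any to any
# with nothing after it (no via/in/out/port qualifiers).
CATCHALL_DENY_RE = re.compile(
    r"^(deny|drop)(\s+log(\s+logamount\s+\d+)?)?\s+ip\s+from\s+any\s+to\s+any$")


@dataclass
class Rule:
    number: int
    packets: int
    nbytes: int
    body: str


def parse_show(text):
    """Parse `ipfw show` output into Rule objects, sorted by rule number."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unexpected line (e.g. `ipfw list` output)
        num, pk, by, body = m.groups()
        rules.append(Rule(int(num), int(pk), int(by), body))
    return sorted(rules, key=lambda r: r.number)


def audit(rules):
    """Return a dict describing the ruleset's default-deny posture."""
    default = next((r for r in rules if r.number == DEFAULT_RULE), None)
    default_allows = default is not None and default.body.startswith("allow")
    catchall = [r.number for r in rules
                if r.number < DEFAULT_RULE and CATCHALL_DENY_RE.match(r.body)]
    default_packets = default.packets if default else 0
    findings = []
    if default_allows and not catchall:
        findings.append(
            "rule %d accepts and no catch-all deny precedes it: "
            "the ruleset is default-accept" % DEFAULT_RULE)
    if catchall and default_packets:
        findings.append(
            "%d packets counted at rule %d although rule %d is a catch-all "
            "deny; run `ipfw zero` and re-sample to see whether the count "
            "still grows" % (default_packets, DEFAULT_RULE, catchall[-1]))
    return {
        "default_allows": default_allows,
        "catchall_deny_rules": catchall,
        "default_rule_packets": default_packets,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, listing in (("post", SAMPLE_SHOW), ("open", SAMPLE_OPEN)):
        print(name, audit(parse_show(listing)))
```

To use it against a live machine, feed `sudo ipfw show` output to `parse_show` instead of the embedded sample. Because the counters on rule 65535 accumulate from whenever the firewall was enabled, a useful first step before reading them is `sudo ipfw zero`, so that any count seen afterwards is traffic that reached 65535 after the catch-all deny was in place.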