Dialup firewalling with FreeBSD
Prev  

6 Questions

6.1. I get messages like “limit 500 reached on entry 2800” and after that my machine stops logging denied packets that match that rule number. Is my firewall still working?
6.2. There must be something wrong. I followed your instructions to the letter and now I am locked out.

6.1. I get messages like “limit 500 reached on entry 2800” and after that my machine stops logging denied packets that match that rule number. Is my firewall still working?

This merely means that the maximum logging count for the rule has been reached. The rule itself is still working, but it will no longer log until such time as you reset the logging counters. An example of how to clear your counters can be found below:

# ipfw resetlog

Alternatively, you may increase the log limit in your kernel configuration with the IPFIREWALL_VERBOSE_LIMIT option as described above. You may also change this limit (without recompiling your kernel and having to reboot) by using the net.inet.ip.fw.verbose_limit sysctl(8) value.

6.2. There must be something wrong. I followed your instructions to the letter and now I am locked out.

This tutorial assumes that you are running userland-ppp, therefore the supplied rule set operates on the tun0 interface, which corresponds to the first connection made with ppp(8) (aka user-ppp). Additional connections would use tun1, tun2 and so on.

You should also note that pppd(8) uses the ppp0 interface instead, so if you start the connection with pppd(8) you must substitute tun0 for ppp0. A quick way to edit the firewall rules to reflect this change is shown below. The original rule set is backed up as fwrules_tun0.

	    % cd /etc/firewall
	    /etc/firewall% su
	    Password:
	    /etc/firewall# mv fwrules fwrules_tun0
	    /etc/firewall# cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules

To know whether you are currently using ppp(8) or pppd(8) you can examine the output of ifconfig(8) once the connection is up. E.g., for a connection made with pppd(8) you would see something like this (showing only the relevant lines):

	    % ifconfig
	    (skipped...)
	    ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
                    inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xff000000
	    (skipped...)

On the other hand, for a connection made with ppp(8) (user-ppp) you should see something similar to this:

	    % ifconfig
	    (skipped...)
	    ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
	    (skipped...)
	    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
	            (IPv6 stuff skipped...)
                    inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xffffff00
                    Opened by PID xxxxx
            (skipped...)
Prev Home  
The rule set for the firewall