[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Machine running IP filter get unresponsive after few hours
From:       "askarali () ptcl ! net" <askarali () ptcl ! net>
Date:       2009-11-26 4:18:41
Message-ID: 9852_1259215417_4B0E1A39_9852_235_1_21204818.71791259209121855.JavaMail.root () fe-srv03 ! ptcl ! net
[Download RAW message or body]

Hi List,

Yesterday I have configured a IP filter ruleset on Solaris 10, all 
day machine was working fine but at night our monitoring system start sending 
problem alerts for the machine running IP filter and when i tries to ssh the 
machine from one of the ALLOWED host it do not let me in.

I'll greatly 
appreciate any help in this regard.

Here are the rules which i have used in 
/etc/ipf/ipf.conf

# block all inbound packets.
#
block in from any to any
#
# 
pass through packets to and from localhost.
#
pass in from 127.0.0.1/32 to 
127.0.0.1/32
#
# allow a variety of individual Truested hosts to send any type 
of IP packet to any
# other host.
#
pass in quick from xxx.xx.xx.xxx/32 to any 
keep state
pass in quick from xxx.xx.xx.xxx/32 to any keep state
#
# Allow all 
ICMP
pass in proto icmp from any to any

# Allow all Radius
pass in quick proto 
udp from any to any port = 1812
pass in quick proto udp from any to any port = 
1813

# Allow FTP to collect CDRs
pass in quick proto tcp from 10.254.160.0/24 
to any port = 20   keep state
pass in quick proto tcp from 10.254.160.0/24 to 
any port = 21 keep state
#
# Allow out all from this machine
pass out quick 
from any to any keep state


The only thing which was working but was also not 
perfect was ICMP and Radius ports, there was too much delay in ICMP.

Thanks.
[prev in list] [next in list] [prev in thread] [next in thread]