From owner-FreeBSD-users-jp@jp.FreeBSD.org Thu Jun 24 12:35:47 2004
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id i5O3Zld37371;
	Thu, 24 Jun 2004 12:35:47 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mailsv.occ.co.jp (ns.occ.co.jp [210.230.242.40])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id i5O3ZjI37357
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 24 Jun 2004 12:35:45 +0900 (JST)
	(envelope-from nishi@occ.co.jp)
Received: from knife.occ.co.jp ([210.230.242.51] helo=knife)
	by mailsv.occ.co.jp with smtp id 1BdL1d-000PKI-41
	for FreeBSD-users-jp@jp.FreeBSD.org; Thu, 24 Jun 2004 12:35:45 +0900
Received: from iraq.occ.co.jp ([210.230.242.92] helo=[172.16.14.118])
	by mailsv.occ.co.jp with esmtp id 1BdL1c-000PKB-TS
	for FreeBSD-users-jp@jp.FreeBSD.org; Thu, 24 Jun 2004 12:35:44 +0900
From: nishi@occ.co.jp
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <20040624000812.5533.MEGURO@yggdrasil.jp>
References: <20040623122851.90DD.NISHI@occ.co.jp> <20040624000812.5533.MEGURO@yggdrasil.jp>
Message-Id: <20040624123447.FF7E.NISHI@occ.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.09.01 [ja]
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 24 Jun 2004 12:35:29 +0900
X-Sequence: FreeBSD-users-jp 80019
Subject: [FreeBSD-users-jp 80019] Re: About the behavior of ipf
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: nishi@occ.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+040623

This is Nishi. Thank you for your advice.

> ipmon(8)$B$rFI$_$J$,$i8+$F$_$k$H!"2<$N%m%0$O%0%k!<%WHV9f#0!$%k!<%kHV9f#2#5(B
> (@0:25)$B$K4p$E$$$F(B192.168.xx.xx$B$+$i(B10.x.x.x$B$KF~$C$F$/$k%Q%1%C%H$r%V%m%C%/(B
> $B$7$^$7$?$H$$$&0UL#$G$9!#(B
> $B$"$H$O(B"ipfstat -i -n"$B$G(B@0:25$B$N%k!<%k$r3NG'$9$l$P%R%s%H$,F@$i$l$k$H;W$$$^(B
> $B$9!#(B
@0:25 $B$O:G8e$N!V(Bblock in log quick from any to any$B!W$G$9!#(B


> One thing caught my attention: in the log it looks as if the FIN/ACK
> packet is coming from the client side, but I have a feeling that it was
> more usual for the server side to send the FIN/ACK packet.
Sorry, before this log entry there were lines (below) where only ACK was blocked.
There were several log entries where only ACK was blocked, and after that the
FIN/ACK block entries were output.
I think the FIN/ACK sent OUT from the server side was permitted and was not logged.

----------------------------------------------------------------
Jun 22 21:02:28 sv ipmon[41375]: 21:02:27.681877 fxp0 @0:25 b
192.168.xx.xx,4372 -> 10.x.x.x,25 PR tcp len 20 52 -A IN
Jun 22 21:07:28 sv ipmon[41375]: 21:07:27.675673 fxp0 @0:25 b
192.168.xx.xx,4372 -> 10.x.x.x,25 PR tcp len 20 52 -AF IN

Jun 22 21:08:04 sv ipmon[41375]: 21:08:04.177219 fxp0 @0:25 b
192.168.xx.xx,12684 -> 10.x.x.x,110 PR tcp len 20 40 -A IN
Jun 22 21:08:10 sv ipmon[41375]: 21:08:09.349950 fxp0 @0:25 b
192.168.xx.xx,12684 -> 10.x.x.x,110 PR tcp len 20 40 -AF IN
----------------------------------------------------------------

It looks like the above (excerpt).
Regarding keep state, the manual (ipf(5)) says:
---------------------------------------------------------------------------------
KEEP HISTORY
       state  keeps information about the flow  of  a  communication  session.
              State can be kept for TCP, UDP, and ICMP packets.

       allowing packets which match these to  flow  straight  through,  rather
       than going through the access control list.
---------------------------------------------------------------------------------
Since that is what it says,
my understanding of flags S keep state is as follows.
1. A packet with only the SYN flag set (the connection-initiating packet) is
   permitted, and the state of that communication (src port, dst port, etc.)
   is recorded.
2. After that, packets match the recorded state (keep state) and the
   communication is permitted.

Therefore, wouldn't that mean the blocked packets are ACK packets for which
no state was recorded?

As a test, I tried logging @15:
pass in log quick proto tcp from any to any port = 25 flags S keep state

The log under normal conditions looked like this.
------------------------------------------------------------------------------
Jun 24 10:28:17 sv ipmon[41375]: 10:28:17.168441 fxp0 @0:15 p
192.168.xx.xx,30503 -> 10.x.x.x,25 PR tcp len 20 48 -S K-S IN

Jun 24 10:28:17 sv ipmon[41375]: 10:28:17.168456 fxp0 @0:15 p
10.x.x.x,25 -> 192.168.xx.xx,30503 PR tcp len 20 44 -AS K-S OUT

Jun 24 10:28:17 sv ipmon[41375]: 10:28:17.169386 fxp0 @0:15 p
192.168.xx.xx,30503 -> 10.x.x.x,25 PR tcp len 20 40 -A K-S IN
-------------------------------------------------------------------------------
* The server's IP is 10.x.x.x

K-S is displayed at the end of each line, but I suspect that in the abnormal
case the third packet is being blocked.

Has anyone else seen symptoms such as IPFILTER becoming unstable?
If the problem recurs, I would like to try whether I can log it as above.

-- 
Nishi
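
An added example, not part of the original message and not code from the IPFilter project: a small Python parser for ipmon lines in the layout quoted above that groups blocked inbound TCP packets without SYN by flow, the pattern the message reports for rule @0:25. The function names are hypothetical and the field layout is assumed from the quoted log lines only.

```python
import re
from collections import defaultdict

# Field layout taken from the ipmon lines quoted in the message (assumption).
LINE = re.compile(
    r"ipmon\[\d+\]: (?P<time>\S+) (?P<ifc>\S+) @(?P<rule>\d+:\d+) (?P<action>\S) "
    r"(?P<src>[^, ]+),(?P<sport>\d+) -> (?P<dst>[^, ]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ \d+ -(?P<flags>[A-Z]+)(?P<state> K-S)? (?P<dir>IN|OUT)"
)

def parse(text):
    """Parse ipmon syslog text; entries wrapped onto two lines are rejoined."""
    joined = re.sub(r"\s*\n(?=\S+,\d+ -> )", " ", text)
    return [m.groupdict() for m in map(LINE.search, joined.splitlines()) if m]

def blocked_without_syn(entries):
    """Group blocked inbound TCP packets that carry no SYN flag by flow.

    A 'flags S keep state' rule cannot admit these, so they only pass while
    a state entry for the flow exists; a block means no entry matched.
    """
    flows = defaultdict(list)
    for e in entries:
        if (e["action"], e["proto"], e["dir"]) == ("b", "tcp", "IN") and "S" not in e["flags"]:
            flow = (e["src"], int(e["sport"]), e["dst"], int(e["dport"]))
            flows[flow].append((e["time"], e["flags"], "@" + e["rule"]))
    return dict(flows)

# Log lines copied from the message, wrapped and masked as in the original.
SAMPLE = """\
Jun 22 21:02:28 sv ipmon[41375]: 21:02:27.681877 fxp0 @0:25 b
192.168.xx.xx,4372 -> 10.x.x.x,25 PR tcp len 20 52 -A IN
Jun 22 21:07:28 sv ipmon[41375]: 21:07:27.675673 fxp0 @0:25 b
192.168.xx.xx,4372 -> 10.x.x.x,25 PR tcp len 20 52 -AF IN
Jun 24 10:28:17 sv ipmon[41375]: 10:28:17.168441 fxp0 @0:15 p
192.168.xx.xx,30503 -> 10.x.x.x,25 PR tcp len 20 48 -S K-S IN
Jun 24 10:28:17 sv ipmon[41375]: 10:28:17.168456 fxp0 @0:15 p
10.x.x.x,25 -> 192.168.xx.xx,30503 PR tcp len 20 44 -AS K-S OUT
Jun 24 10:28:17 sv ipmon[41375]: 10:28:17.169386 fxp0 @0:15 p
192.168.xx.xx,30503 -> 10.x.x.x,25 PR tcp len 20 40 -A K-S IN
"""

if __name__ == "__main__":
    for flow, hits in blocked_without_syn(parse(SAMPLE)).items():
        print(flow, hits)
```

Only the port 4372 flow is reported; the handshake passed by @0:15 with K-S is parsed but not flagged.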

