Date:      Fri, 06 May 2005 13:43:08 +0200
From:      Kees Plonsz <trap1@jeremino.homeunix.net>
To:        Ivanov Ilya <peanky@mail.ru>, freebsd-questions@freebsd.org
Subject:   Re: IPFW: 24.6.5.7 An Example NAT and Stateful Ruleset
Message-ID:  <1300683.eBDoCsHzG4@not_a_message_id>
References:  <list.freebsd.questions#843429403.20050506140126@mail.ru>

Ivanov Ilya wrote on Friday 06 May 2005 12:01:

> Hello! I read the article
> (http://freebsd.vinf.ru/doc/en/books/handbook/firewalls-ipfw.html)
> and used your example from the "An Example NAT and Stateful Ruleset" part.
> So, when I use this script for ipfw, I can't use the internet,
> but if I disable rules 400 and 450, I can use the internet.
> 
> I use FreeBSD 4.10, nat, ipfw, squid.
> 
> # Reject & Log all unauthorized incoming connections from the public
> # Internet
> $cmd 400 deny log all from any to any in via $pif
> 
> # Reject & Log all unauthorized out going connections to the public
> # Internet
> $cmd 450 deny log all from any to any out via $pif
> 
> My question is: can I use this script for ipfw without rules 400 and
> 450, or is it a potential threat to the security of my system?
> 
> Maybe you can give me a link to an article about this?
> 
> With best regards, Ivanov Ilya.

Instead of copying examples to your own system, try to understand
exactly what those rules mean. Read the "man ipfw" page very carefully.
Most examples have too many rules you don't need.
If you want to know about the safety of your system,
have your system scanned for open and closed ports from outside:

http://jeremino.homeunix.net/portscan.php

-- 
Key-ID = A6581435          E-mail: replace trap1 with kees
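The reply's advice is to work out what rules 400 and 450 actually do before deciding whether they can go. The following is an added illustration, not code from the reply, the handbook or FreeBSD: a toy model of ipfw's first-match evaluation with check-state/keep-state, run over a ruleset cut down to the shape of the handbook's stateful section. The interface name dc0, the rule numbers other than 400 and 450, and the packets are all assumed; real ipfw has divert natd, skipto, state timeouts and much more, so treat ipfw(8) as the authority.

```python
"""Toy model of ipfw first-match evaluation with keep-state/check-state.
Added illustration for this thread, not code from the reply or from FreeBSD.
It covers only rule order, allow/deny/check-state, keep-state, 'setup',
'in via'/'out via' and the built-in last rule 65535; see ipfw(8) for the rest.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str          # "in" (arriving on iface) or "out" (leaving via iface)
    iface: str
    syn_only: bool = False  # SYN with ACK clear, what ipfw 'setup' matches


@dataclass
class Rule:
    number: int
    action: str                      # "allow", "deny" or "check-state"
    proto: str = "all"
    dport: Optional[int] = None
    direction: Optional[str] = None  # "in", "out" or None for either
    iface: Optional[str] = None      # 'via <iface>' or None for any
    setup: bool = False
    keep_state: bool = False

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "all" or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.direction is None or self.direction == p.direction)
                and (self.iface is None or self.iface == p.iface)
                and (not self.setup or p.syn_only))


class Firewall:
    DEFAULT_RULE = 65535  # built-in last rule: deny unless the kernel has IPFIREWALL_DEFAULT_TO_ACCEPT

    def __init__(self, rules, default_action="deny"):
        self.rules = sorted(rules, key=lambda r: r.number)
        self.default_action = default_action
        self.dynamic = {}  # flow 5-tuple -> Rule that created the state

    def evaluate(self, p: Packet):
        """Return (rule_number, action) of the first terminating match."""
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        state_checked = False
        for r in self.rules:
            # dynamic rules are consulted at check-state and at the first
            # keep-state rule reached; a hit takes the creating rule's action
            if (r.action == "check-state" or r.keep_state) and not state_checked:
                state_checked = True
                hit = self.dynamic.get(flow)
                if hit is not None:
                    return (hit.number, hit.action)
            if r.action == "check-state":
                continue
            if r.matches(p):
                if r.keep_state:  # remember both directions of the flow
                    self.dynamic[flow] = r
                    self.dynamic[(p.proto, p.dst, p.dport, p.src, p.sport)] = r
                return (r.number, r.action)
        return (self.DEFAULT_RULE, self.default_action)


def example_rules(pif="dc0"):
    """Shape of the handbook's stateful section cut down to a few rules;
    the interface name and the numbers other than 400/450 are assumed."""
    return [
        Rule(10, "check-state"),
        Rule(100, "allow", "tcp", dport=80, direction="out", iface=pif, setup=True, keep_state=True),
        Rule(110, "allow", "udp", dport=53, direction="out", iface=pif, keep_state=True),
        Rule(400, "deny", direction="in", iface=pif),   # the quoted rule 400
        Rule(450, "deny", direction="out", iface=pif),  # the quoted rule 450
    ]


# Constructed packets; the firewall is 203.0.113.5 on dc0 (documentation addresses).
OUT_HTTP = Packet("tcp", "203.0.113.5", 40000, "198.51.100.10", 80, "out", "dc0", True)
HTTP_REPLY = Packet("tcp", "198.51.100.10", 80, "203.0.113.5", 40000, "in", "dc0")
OUT_SMTP = Packet("tcp", "203.0.113.5", 40001, "198.51.100.20", 25, "out", "dc0", True)
IN_SSH = Packet("tcp", "198.51.100.30", 5555, "203.0.113.5", 22, "in", "dc0", True)


def walk_through():
    """Evaluate the packets with rules 400/450 present and with them removed."""
    res = {"reply_without_state": Firewall(example_rules()).evaluate(HTTP_REPLY)}
    fw = Firewall(example_rules())
    for name, p in [("out_http", OUT_HTTP), ("http_reply", HTTP_REPLY),
                    ("out_smtp", OUT_SMTP), ("in_ssh", IN_SSH)]:
        res[name] = fw.evaluate(p)  # same instance, so state from out_http persists
    trimmed = [r for r in example_rules() if r.number not in (400, 450)]
    res["out_smtp_without_400_450"] = Firewall(trimmed).evaluate(OUT_SMTP)
    res["out_smtp_without_400_450_accept_kernel"] = Firewall(trimmed, "allow").evaluate(OUT_SMTP)
    return res


if __name__ == "__main__":
    for name, (num, action) in walk_through().items():
        print(f"{name:40s} -> rule {num:5d} {action}")
```

What the walk-through shows: the HTTP SYN matches the keep-state allow, so its reply is accepted at check-state even though rule 400 would otherwise deny it, while the same reply arriving without prior state hits 400. The SMTP connection has no allow rule and so hits 450. Removing 400 and 450 only changes that outcome if the built-in rule 65535 is accept, and then it opens every port in both directions; if the kernel defaults to deny, the packet is still dropped, just without the log entry. In this model the cure for "no internet" is an allow rule for the traffic you actually send, not deleting the catch-alls.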

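The other piece of advice in the reply is to have the box scanned from outside. The following is an added example, not code from the reply or from the linked scanner: a small TCP connect scan that separates "open" (handshake completes), "closed" (the host answers with a reset) and "filtered" (no answer before the timeout, which is what a silent ipfw deny looks like from outside). To run offline it starts its own listener on 127.0.0.1; the address, port range and timeout are assumptions, and for the real check you run it from an outside host against the firewall's public address.

```python
"""TCP connect scan with open/closed/filtered classification.
Added example for this thread; it scans a listener it starts itself on
127.0.0.1 so it can run anywhere. Point it at the public address of the
firewall from an outside host to check what the ruleset really exposes."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """Classify one port: 'open' if the handshake completes, 'closed' if the
    host refuses (RST), 'filtered' if nothing comes back before the timeout
    or the probe fails for another reason (e.g. host unreachable)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Return {port: status} for every port in ports, probing in parallel."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as ex:
        statuses = ex.map(lambda p: probe(host, p, timeout), ports)
        return dict(zip(ports, statuses))


def start_listener(host="127.0.0.1"):
    """Constructed target: listen on an ephemeral port and accept in the
    background. Returns (port, close) where close() stops the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
            except OSError:
                return

    t = threading.Thread(target=serve, daemon=True)
    t.start()

    def close():
        stop.set()
        t.join()
        srv.close()

    return srv.getsockname()[1], close


def demo():
    """Scan a small window around the listener's port while it is up, then
    re-probe that port after the listener is gone."""
    port, close = start_listener()
    try:
        while_up = tcp_connect_scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        close()
    after = tcp_connect_scan("127.0.0.1", [port])
    return port, while_up, after


if __name__ == "__main__":
    port, while_up, after = demo()
    for p, status in sorted(while_up.items()):
        print(f"127.0.0.1:{p:<5d} {status}")
    print(f"after closing the listener, port {port} is {after[port]}")
```

A connect scan only sees what the kernel on the scanning side reports, so "filtered" cannot tell a dropped packet from a dead host; from outside, a box whose ruleset ends in deny should show nothing but "filtered" except for the services you deliberately allowed, and any "closed" result means a packet reached the TCP stack instead of the firewall.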