Date:      Mon, 22 Sep 2003 13:35:54 -0700
From:      Mark Woodson <mwoodson@sricrm.com>
To:        "Toan Hoang" <ignorabimus2002@hotmail.com>, freebsd-stable@freebsd.org
Subject:   Re: IPFilter and Nmap
Message-ID:  <200309221335.54060.mwoodson@sricrm.com>
In-Reply-To: <Sea1-F6n3c6xpwW35BX00000b6a@hotmail.com>
References:  <Sea1-F6n3c6xpwW35BX00000b6a@hotmail.com>

On Monday 22 September 2003 01:12 pm, Toan Hoang wrote:
> Greetings list!
>
> I've got a strange problem with my new FreeBSD box..
>
> I've just installed IPFilter and recompiled the kernel to
> 4.9PRERELEASE.. (I compiled with options: IPFILTER, IPFILTER_LOG,
> IPFILTER_BLOCK_DEFAULT (IPFILTER_DEFAULT_BLOCK??)

It's IPFILTER_DEFAULT_BLOCK.

less /usr/src/sys/i386/conf/LINT | grep IPFILTER

That will list out the kernel options with IPFILTER in the line.

> My problem is when I'm scanning the FreeBSD box with nmap (from a
> WinXP machine), I get reports about ports that are open:
>
> (The 1647 ports scanned but not shown below are in state: filtered)
> PORT     STATE SERVICE
> 25/tcp   open  smtp
> 80/tcp   open  http
> 81/tcp   open  hosts2-ns
> 82/tcp   open  xfer
> 83/tcp   open  mit-ml-dev
> 110/tcp  open  pop-3
> 119/tcp  open  nntp
> 1080/tcp open  socks
> 5190/tcp open  aol
> 8080/tcp open  http-proxy
>
> My /etc/ipf.rules looks like this:
>
> block in all
> pass in quick on lo0 all
> pass out quick on lo0 all

Unless the box will not connect with anything, you'll want to at the
very least add

pass out all on dc0 keep state

So you can connect to outside stuff.  Replace dc0 with your ethernet
interface.

You didn't mention rc.conf

ipfilter_enable="YES"
ipmon_enable="YES"

at the very least.  You might look at the other ipf options in
/etc/defaults/rc.conf.

-Mark
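As an added example, not part of this thread, here is the questioner's three-line ruleset with Mark's stateful outbound rule folded in, written in the order ipf expects (interface clause before the packet match). dc0 is a placeholder for the real interface, and the IPFILTER_DEFAULT_BLOCK kernel option is assumed so that anything not matched is dropped:

```conf
# /etc/ipf.rules (constructed example): default-deny inbound, stateful outbound.
# ipf evaluates all rules and the last match wins, except where "quick" stops
# evaluation at that rule.

# Never filter loopback.
pass in quick on lo0 all
pass out quick on lo0 all

# Outbound from the box itself: allow and keep state so that the replies
# are let back in through dc0 without needing an explicit "pass in" rule.
pass out quick on dc0 proto tcp from any to any flags S keep state
pass out quick on dc0 proto udp from any to any keep state
pass out quick on dc0 proto icmp from any to any keep state

# Everything else arriving on dc0 is dropped; "log" hands it to ipmon so
# the scan the questioner ran would show up in the logs as blocked packets.
block in log quick on dc0 all
```

Since the earlier "block in all" has no "quick", it only applies when no later rule matches; the final logged block on dc0 makes the default explicit and visible in ipmon output.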
