Date:      Wed, 16 Jun 2004 07:20:32 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        Kevin Curran <kevin@curranfamilynet.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Are 4 IPFW rules enough?
Message-ID:  <20040616072032.0a5ee617.wmoran@potentialtech.com>
In-Reply-To: <1087261927.5494.11.camel@tower>
References:  <1087261927.5494.11.camel@tower>

Kevin Curran <kevin@curranfamilynet.net> wrote:

> I have a cable modem and I'm using 4.9 as a NAT router for my home
> network.  I have 4 rules in my ipfw config.  The first enables NAT and
> the last is 65000 allow any to any.
> 
> In between I have 2 rules to deny access to ports 53 and 110 on the
> Internet side.  That's all.  
> 
> Here's my thinking: I use inetd.conf to enable only the services I want,
> therefore the ports on which those services are listening I would want
> open.  The two other ports I want to filter on the WAN side are filtered
> by the rules above.  All the other ports are closed, anyway, so why
> spend time debugging an elaborate rule set?

Check the output of "sockstat -4" to ensure that you don't have anything running
that you aren't aware of ... syslogd is a typical culprit.  You'll probably
have to add syslogd_flags="-ss" to /etc/rc.conf

Otherwise, you're probably good, except that there are some spoofing techniques
that may be able to get around such a ruleset.  That's beyond my expertise,
however.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
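The "sockstat -4" check in the reply above, turned into a script, as an added example that is not part of the original thread or of FreeBSD: it reads sockstat output, keeps only sockets that are actually listening (foreign address `*:*`), and prints every one whose proto:port is not on the list of ports the firewall is meant to leave open. The sample sockstat output is constructed for the example (it mimics the column layout sockstat(1) prints and assumes the questioner serves ssh and an inetd-managed service on port 21); on a real box you would pipe in `sockstat -4` instead. Anything the script flags is either a daemon to turn off (the syslogd case, via `syslogd_flags="-ss"`) or a port the ipfw rules must deny explicitly, because the closing `allow ip from any to any` rule will otherwise let it through.

```shell
#!/bin/sh
# Added example, not code from the original thread or from FreeBSD.
# Audit the listening IPv4 sockets that "sockstat -4" reports against the
# proto:port pairs the firewall is intended to expose.

# Constructed sample in the column layout sockstat(1) prints.
# On a real host replace this with:  sockstat -4
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       312   3  tcp4   *:22                  *:*
root     inetd      289   4  tcp4   *:21                  *:*
root     syslogd    201   4  udp4   *:514                 *:*
daemon   portmap    187   3  tcp4   *:111                 *:*
kevin    sshd       401   4  tcp4   192.168.1.1:22        192.168.1.10:49152'

# audit_listeners PROTO:PORT ...
#   Reads sockstat output on stdin and prints "COMMAND PROTO PORT" for every
#   listening socket (foreign address "*:*") whose proto:port is not among
#   the arguments. Established connections (a real foreign address) are
#   skipped; the header line (NR == 1) is skipped too.
audit_listeners() {
    allowed=" $* "
    awk 'NR > 1 && $7 == "*:*" { print $2, $5, $6 }' |
    while read -r cmd proto laddr; do
        port=${laddr##*:}                      # "*:514" -> "514"
        case "$allowed" in
            *" $proto:$port "*) ;;             # expected listener, keep quiet
            *) printf '%s %s %s\n' "$cmd" "$proto" "$port" ;;
        esac
    done
}

# audit_sample: run the audit over the constructed sample, allowing only the
# two services the questioner says he intends to serve (assumed: ssh on
# tcp/22 and an inetd-managed service on tcp/21).
audit_sample() {
    printf '%s\n' "$SAMPLE_SOCKSTAT" | audit_listeners tcp4:22 tcp4:21
}

# unexpected_count: how many unexpected listeners the sample contains.
unexpected_count() {
    audit_sample | awk 'END { print NR }'
}

# Running stand-alone prints the listeners that need attention:
#   syslogd udp4 514   -> silence with syslogd_flags="-ss" in /etc/rc.conf
#   portmap tcp4 111   -> disable it, or add an explicit ipfw deny rule
audit_sample
```

Run the audit once after changing /etc/rc.conf and rebooting, and again whenever you add a package that installs a daemon; a four-rule ruleset ending in `allow ip from any to any` is only as safe as this list is short.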



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040616072032.0a5ee617.wmoran>