From: "MuratBSD"
To: "freebsd-questions"
Subject: ipfw problem
Date: Thu, 11 Jan 2001 15:09:08 +0200

Hi,

I set up a FreeBSD firewall, and my ipfw rules are below. My problem is about UDP ports. When I scan the UDP ports on x.y.z.d (this is my real IP) with nmap from the Internet, I found 1447 ports are open and 1 port is filtered (I don't know what filtered means). As you can see, I denied all UDP packets from any to any via x.y.z.d in rule 65534, so why did I find open UDP ports? Do you have any recommendations for my ipfw rules?

00060 61192 19149127 divert 8668 ip from any to any via fxp1
00100  2588   349058 allow ip from any to any via lo0
00200   483    21252 allow tcp from any to any 80 setup
00201  5321  4369503 allow tcp from any 80 to any
00202  4767   635420 allow tcp from any to any 80
00250   588    62658 allow tcp from any 21 to any
00300   628    44256 allow tcp from any to any 21
00400  2823   146668 allow tcp from any to any 22
00450  2221   389237 allow tcp from any 22 to any
00500  6998   290876 allow tcp from any 25 to any
00550 12674  7847704 allow tcp from any to any 25
00650  1691   283910 allow udp from any 53 to any
00700  1904   127907 allow udp from any to any 53
00810 27636 16041254 allow tcp from any 110 to any
00810 20836   901646 allow tcp from any to any 110
00820  1112   911800 allow tcp from any 119 to any
00821  1018    52958 allow tcp from any to any 119
00900   252   172197 allow icmp from any to any
09000  6285  4668866 allow tcp from any 3128 to any
09001  5282   695471 allow tcp from any to any 3128
65534  9246   304896 deny udp from any to any via x.y.z.d
65535  3155   288859 deny ip from any to any

My FreeBSD is 4.2-STABLE

--------------------------------
|                              |
Murat SULUHAN
| TE.SA.M. T.U.R.K. / GLOBALSTAR |
--------------------------------