Date:      Sun, 14 Oct 2001 16:32:37 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Cliff Sarginson <cliff@raggedclown.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Firewall and nmap
Message-ID:  <20011014163237.H309@blossom.cjclark.org>
In-Reply-To: <20011014210232.B1658@raggedclown.net>; from cliff@raggedclown.net on Sun, Oct 14, 2001 at 09:02:32PM +0200
References:  <20011014210232.B1658@raggedclown.net>

On Sun, Oct 14, 2001 at 09:02:32PM +0200, Cliff Sarginson wrote:
> Hello,
> I am slowly building up my knowledge of ipfilter in order
> to build as secure a firewall as I can, basically allowing
> everything out and only ssh and smtp in.
> I am testing it locally basically using nmap. Until
> I actually get 24/7 online it is a bit difficult to test
> it from the outside world. I would like to know that
> if a local test using nmap seems to confirm the intentions of
> my rules is that good enough ?

It depends on what you mean by "local." If it is another machine on
the LAN, that is probably just fine. If you are running nmap on the
firewall machine itself, it really is not. Processing stuff that never
crosses a "real" interface and comes off of a wire is just not the
same as running stuff over the loopback.

But then again, if you really do not have the facilities to test the
machine in any other way, it is better than nothing.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
