From owner-freebsd-questions@freebsd.org Sat Nov 26 20:39:15 2016
Date: Sat, 26 Nov 2016 14:39:26 -0600 (CST)
Subject: Re: open ports
From: "Valeri Galtsev"
To: "Ernie Luzar"
Cc: "Bernt Hansson", "Freebsd Questions"
Reply-To: galtsev@kicp.uchicago.edu

On Sat, November 26, 2016 1:59 pm, Ernie Luzar wrote:
> Bernt Hansson wrote:
>
>> On 2016-11-26 19:19, Ernie Luzar wrote:
>>> Running 11.0 release, ipfilter firewall with rules to block inbound
>>> port 21, 25, 110. Nmap shows those ports are open even though the
>>> firewall is blocking them. Is this expected?
>>>
>> You are testing them from the "outside"
>>
>
> Issued this command from the command line of the host.
> IE; not from some host on the public net.
>
> nmap -v xxx.xxx.xxx.xxx     x = host public IP address
>

As Bernt Hansson has mentioned, this command should have been executed on
a different host. You are testing a rule for _inbound_ traffic, that is why
it should be a different host, not the machine itself.

I hope this helps.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++