Date: Sun, 25 Mar 2001 12:58:52 -0500
From: Carl <no1-carl@home.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Dynamic ipfw ruleset to block all unrequested packets...
Message-ID: <01032512585203.00338@Demon>
Hello,

I have been reading through the firewall literature and have set up a very simple firewall. It is just for my home connection to my cable modem service. I do have a router attached to the cable modem that has my FreeBSD machine as a DMZ. The router's IP is 192.168.1.1 and it assigns my FreeBSD box 192.168.1.100. The following is my rc.firewall file snippet:

    ############
    # Local IP address of my computer
    ip="192.168.1.100"

    ############
    # Dynamic rule set that only allows packets
    # that have been requested by this IP
    ${fwcmd} add check-state                                   # match packets belonging to an existing dynamic rule
    ${fwcmd} add deny log all from not ${ip} to any            # everything else that did not originate here is dropped and logged
    ${fwcmd} add pass all from ${ip} to any keep-state         # outbound traffic passes and creates a dynamic rule for its replies

When I use nmap to scan myself (i.e. nmap -sS -p 111 <my @Home IP>) it lists the sunrpc port as filtered (better than open), but I was wondering if it is possible to make this port disappear?

The other strange thing: when I ping myself (i.e. ping <my @Home IP>) the ICMP packets get through. Is this because I am not pinging my machine from an outside source? If so, why doesn't nmap behave the same way?

I have compiled my kernel with all the necessities for the firewall, including others like SYN/FIN and RST dropping. I have enabled the firewall as well as SYN/FIN and RST dropping in rc.conf as well.

Am I just too paranoid, or do things seem ok the way they are set?

Thanks...
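The following is an added example, not part of Carl's post or of FreeBSD's own code. It is a toy model of the three-rule stateful ruleset quoted above (check-state, deny-from-not-local, pass-from-local keep-state), just faithful enough to show what happens to each kind of packet: an outbound connection creates a dynamic rule and its replies come back in through check-state, while an unsolicited SYN to port 111 hits the deny rule and is dropped without any response, which is exactly the condition nmap labels "filtered". All packets and the public addresses (203.0.113.10, 198.51.100.7) are constructed for the demo; the flow-key and ICMP handling are simplifications of what ipfw actually does, not its real implementation.

```python
"""Toy model of the stateful ipfw ruleset from the post (added example).

Models: check-state / deny log all from not LOCAL_IP to any /
        pass all from LOCAL_IP to any keep-state
The dynamic-rule bookkeeping is a simplification: ipfw keys dynamic rules on
the flow 5-tuple and matches both directions; for non-TCP/UDP protocols the
port fields are 0.  Packets below are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

LOCAL_IP = "192.168.1.100"          # the FreeBSD box in the post


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    sport: int                      # 0 for icmp (simplification)
    dst: str
    dport: int
    flags: str = ""                 # "S", "SA", "R" ... (informational only)


class StatefulFirewall:
    """Evaluates the three rules in order, like ipfw does."""

    def __init__(self, local_ip: str) -> None:
        self.local_ip = local_ip
        self.dynamic: Set[Tuple] = set()   # dynamic rules created by keep-state
        self.log: List[str] = []           # what the "log" keyword would record

    @staticmethod
    def _flow_key(p: Packet) -> Tuple:
        # Direction-independent key so a reply matches the rule its request made.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def filter(self, p: Packet) -> str:
        # Rule 1: check-state -- is this packet part of a flow we already allowed?
        if self._flow_key(p) in self.dynamic:
            return "pass"
        # Rule 2: deny log all from not LOCAL_IP to any
        # "deny" drops silently: no RST, no ICMP unreachable goes back to the sender.
        if p.src != self.local_ip:
            self.log.append(f"Deny {p.proto} {p.src}:{p.sport} {p.dst}:{p.dport}")
            return "deny"
        # Rule 3: pass all from LOCAL_IP to any keep-state -- allow and remember the flow
        self.dynamic.add(self._flow_key(p))
        return "pass"


def nmap_verdict(action: str) -> str:
    """How nmap -sS classifies a probe that received this treatment.

    No reply at all -> "filtered".  Only a RST ("closed") or SYN-ACK ("open")
    would say more, so a deny rule can never make a port look more hidden
    than "filtered"; that is as invisible as a dropped packet gets.
    """
    return {"deny": "filtered", "pass": "open or closed (the service decides)"}[action]


def demo() -> Dict[str, str]:
    """Run representative packets through the ruleset and return the verdicts."""
    fw = StatefulFirewall(LOCAL_IP)
    results: Dict[str, str] = {}
    # (a) the box opens a TCP connection to a web server: passed and remembered
    results["outbound syn"] = fw.filter(Packet("tcp", LOCAL_IP, 40000, "203.0.113.10", 80, "S"))
    # (b) the server's SYN-ACK comes back: matched by check-state, not by the deny rule
    results["reply to our syn"] = fw.filter(Packet("tcp", "203.0.113.10", 80, LOCAL_IP, 40000, "SA"))
    # (c) an unsolicited SYN to sunrpc/111 from the Internet: no dynamic rule, source is
    #     not the local IP, so it is dropped.  The scanner sees nothing -> "filtered".
    results["unsolicited syn to 111"] = fw.filter(Packet("tcp", "198.51.100.7", 55555, LOCAL_IP, 111, "S"))
    # (d) the box pings out and the echo reply returns through the dynamic rule
    results["outbound ping"] = fw.filter(Packet("icmp", LOCAL_IP, 0, "203.0.113.10", 0))
    results["echo reply"] = fw.filter(Packet("icmp", "203.0.113.10", 0, LOCAL_IP, 0))
    # (e) a different host probing after the flows above: still denied
    results["unrelated probe"] = fw.filter(Packet("udp", "198.51.100.7", 53, LOCAL_IP, 111))
    return results


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:24s} -> {action:4s}  nmap would say: {nmap_verdict(action)}")
```

The model makes the "filtered" result concrete: a `deny` rule gives the prober no packet at all, so "filtered" is the most hidden answer a port can show; the ipfw `reset` and `unreach` actions would instead send a RST or an ICMP error, which tells the scanner a host is there. It also shows why only traffic the box itself started ever gets a dynamic rule, which is the intended behaviour of the quoted ruleset; what the router's DMZ forwarding does to a probe sent from the box to its own public address is outside this model and is left as the post states it.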