Date: Mon, 16 Dec 2002 18:07:23 -0600
From: Barry Pederson <bp@barryp.org>
To: "Robin P. Blanchard" <robin.blanchard@georgiacenter.org>
Cc: stable@freebsd.org
Subject: Re: ipfilter / ipnat quandry
Message-ID: <3DFE6ABB.3040804@barryp.org>
In-Reply-To: <1040064948.3dfe21b49d39a@www.gactr.uga.edu>
References: <1040064948.3dfe21b49d39a@www.gactr.uga.edu>

Robin P. Blanchard wrote:
> -STABLE (FreeBSD 4.7-STABLE #0: Mon Nov 25 14:22:58 EST 2002)
> gateway/firewall running:
> # ipf -V
> ipf: IP Filter: v3.4.29 (336)
> Kernel: IP Filter: v3.4.29
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 0
>
>
> The only external port I've allowed in is SSH, yet nmapping the box
> yields a slew of purportedly other open ports. Have I broken my
> ruleset somewhere? Please advise.
>
> # nmap -v -sS -O a.b.c.d

Are you executing nmap on the same machine you're probing? If so, then I
think most of those rules won't apply, since the activity from nmap won't
be going through your tx0 interface. You'd have to run nmap from another
machine to get a useful result.

You could also check the output of:

    ipfstat -hin

(just to make sure the rules are actually loaded)

Barry