Date: Mon, 15 Oct 2001 03:01:19 +0200
From: Cliff Sarginson <cliff@raggedclown.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Firewall and nmap
Message-ID: <20011015030119.B2028@raggedclown.net>
In-Reply-To: <20011014163237.H309@blossom.cjclark.org>; from cristjc@earthlink.net on Sun, Oct 14, 2001 at 04:32:37PM -0700
References: <20011014210232.B1658@raggedclown.net> <20011014163237.H309@blossom.cjclark.org>

On Sun, Oct 14, 2001 at 04:32:37PM -0700, Crist J. Clark wrote:
> On Sun, Oct 14, 2001 at 09:02:32PM +0200, Cliff Sarginson wrote:
> > Hello,
> > I am slowly building up my knowledge of ipfilter in order
> > to build as secure a firewall as I can, basically allowing
> > everything out and only ssh and smtp in.
> > I am testing it locally basically using nmap. Until
> > I actually get 24/7 online it is a bit difficult to test
> > it from the outside world. I would like to know that
> > if a local test using nmap seems to confirm the intentions of
> > my rules is that good enough ?
>
> It depends on what you mean by "local." If it is another machine on
> the LAN, that is probably just fine.

Yes, sorry, perhaps that was unclear. I meant another
machine on the LAN.

> If you are running nmap on the
> firewall machine itself, it really is not. Processing stuff that never
> crosses a "real" interface and comes off of a wire is just not the
> same as running stuff over the loopback.
>

Yes, I appreciate that point. thanks !

> But then again, if you really do not have the facilities to test the
> machine in any other way, it is better than nothing.
> --
> Crist J. Clark | cjclark@alum.mit.edu
> | cjclark@jhu.edu
> http://people.freebsd.org/~cjc/ | cjc@freebsd.org

--
Regards
Cliff

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message