From owner-freebsd-security@FreeBSD.ORG Sun Aug 3 05:42:18 2003
From: michael
To: freebsd-security@freebsd.org
Date: Sun, 03 Aug 2003 14:41:32 +0200 (CEST)
Message-ID: <1059914492.3f2d02fc3de14@mx5.internett.de>
Subject: ipfw or ipf w/stateful behavior
List-Id: Security issues [members-only posting]

Hi,

First I must tell you that my English is not the best; I have learned my English from manpages and documentation. Please excuse this.

I have set up a box with FreeBSD 4.7-RELEASE for connecting to the Web through a DSL/ATM connection. Now, I know the stateful handling of firewall rules under Linux with iptables. Secondly, I have understood that FreeBSD comes with the netfilter extensions. Now I have made all rules with the setup/established or keep-state flags (ipfw), and my FTP connections are not really stateful. I think that this behavior is also so with IRC chat.

Now I want to know what I must do to also get stateful behavior for these services, without opening the high ports on the firewall, because lately I get portscans from outside over and over, and I think this is a security concern. I don't really want to open the high ports on my box. Is there a chance by using ipf and not ipfw? I have read the documentation and I have found no hint that solves this problem; but I have seen that, at first sight, ipf is much more complex to configure and has more pitfalls for making mistakes with the IP packet description language. Has anyone any idea how I can solve this problem without opening the high ports?

Thanks for all, best regards, and have a good and funny time,
michael
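The following ruleset is an added illustration of the ipfw keep-state setup the post describes; it is not from the original message or its replies. It assumes a single host whose external interface is tun0 (a PPPoE/DSL link) and is written in the format loaded with "ipfw /etc/ipfw.rules".

```ipfw
# Constructed example for a single host on a DSL link; tun0 is an assumption.
-f flush

# Loopback stays unrestricted; nothing may carry the loopback net in or out.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Match packets of connections that a keep-state rule below already recorded.
add 1000 check-state

# Each connection this host opens creates a dynamic rule, so replies return
# through check-state without any high port being opened statically.
# Passive-mode FTP and plain IRC are covered: the client also opens the
# FTP data connection outward, to a high port on the server.
add 2000 allow tcp from me to any out via tun0 setup keep-state
add 2100 allow udp from me to any out via tun0 keep-state

# Active-mode FTP and IRC DCC need an inbound connection to a high port on
# this host; no rule grants that here, so use passive mode instead.
# Inbound connection attempts are dropped and logged for review.
add 3000 deny log tcp from any to any in via tun0 setup

# Echo reply, destination unreachable (includes the fragmentation-needed
# message path MTU discovery relies on) and time exceeded.
add 4000 allow icmp from any to any icmptypes 0,3,11

# Everything not matched above is denied and logged.
add 65000 deny log ip from any to any
```

Logging of the deny rules appears only when net.inet.ip.fw.verbose is set, which is where the portscans mentioned in the post become visible without any port being opened.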