From owner-freebsd-jail@freebsd.org Thu Nov 17 22:37:02 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C512AC47ACB for ; Thu, 17 Nov 2016 22:37:02 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id A515AFE3 for ; Thu, 17 Nov 2016 22:37:02 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id A4857C47ACA; Thu, 17 Nov 2016 22:37:02 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4355C47AC9 for ; Thu, 17 Nov 2016 22:37:02 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: from mail-wm0-x243.google.com (mail-wm0-x243.google.com [IPv6:2a00:1450:400c:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3B0D3FE2 for ; Thu, 17 Nov 2016 22:37:02 +0000 (UTC) (envelope-from marcel.plouf@gmail.com) Received: by mail-wm0-x243.google.com with SMTP id a20so240112wme.2 for ; Thu, 17 Nov 2016 14:37:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:mime-version :content-transfer-encoding; bh=b8ZaihhLONkz+o1oJVfbEDYDttX7i0aBhq3uFqksIBA=; b=ju+nBmO7ZKkSUxkDUNd4k4vPIOpxzPNQvrBUaRaAm/K7V40qtZeeM4qAlnkxtIy5/f lfmzpmCqCyRRAeJk//kI1JiNvOBasm4TsT1FaaRW2gro6rOYbc4eD8TlyIOEamXC0F09 mA9AUi1lvQtiqxO7hQS0jixgTD3aHg2/r0vqEeJD7W2GP3bS3cBOpTvchSNvUJ6i/0w1 cTbj863qdHPkbSlC1H0Go5wvsGb8Hr0MZBt67DJBYpK1jruzcniYmjvvdYuUo4lzmNOc ruCoZ6WMzS4SLD0qDTy1W5HZTQKQU3QIaAP1dT12R52B3gncTZdYiUCNFYGnaX8vVYgm OagA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:mime-version :content-transfer-encoding; bh=b8ZaihhLONkz+o1oJVfbEDYDttX7i0aBhq3uFqksIBA=; b=k5+bLG7rlC9fZd6ptQaRdFj2grKHVC1tS0CHrwsJARxKLzLch85JcQ58bUaJkazrLI F2+H2yGzXq061wjfoIe3QXtIkp4aboa6EY1WHaVGOuSGLL14XxqVkZSzWzPM3YD6D+l1 K1upUojSgUF41FgFgN00hVTuEKC2dY6PbkWSQlXxuP/sjUASEjDVQjzUAMfV/JOwXeQi 5k5y35jTvkZ9NMFJZphRQQpn1jF+SLATAlbhGCzt6E6N93/v/3YIL7JenqHe/qazH9vz Ez85G9NjsroDlWSrD7tXHkzPzXdKIp3SFsW54lRWhGjZWowIgXG2ARe+uKFZwFzWh7iz PIlA== X-Gm-Message-State: AKaTC03l+VRU45jQozJtO4E2GJlSvuBXABzQe4vRYRKbC5OHKr48RsN87+mcx4VY5EEQVg== X-Received: by 10.28.51.141 with SMTP id z135mr6425455wmz.109.1479422220671; Thu, 17 Nov 2016 14:37:00 -0800 (PST) Received: from marcel-laptop.lan (85-171-136-71.rev.numericable.fr. [85.171.136.71]) by smtp.gmail.com with ESMTPSA id yj10sm5592840wjb.3.2016.11.17.14.37.00 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 17 Nov 2016 14:37:00 -0800 (PST) Date: Thu, 17 Nov 2016 23:36:07 +0100 From: marcel To: jail@freebsd.org Subject: Closing ports in jail with ipfw Message-ID: <20161117233607.3430afd4@marcel-laptop.lan> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2016 22:37:02 -0000 Hi there, I've created a jail and when I do a nmap on his IP, I can see that port 25 and 22 are open but I don't want. So i've tried to create an IPFW rule by adding 'ipwf -q add 00290 deny all from router to jail' to my host ipfw conf file and applied it but ports jail are still open. How can I close or open the ports of my jail ? Thanks ! From owner-freebsd-jail@freebsd.org Sat Nov 19 11:12:53 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DF7DAC4AC46 for ; Sat, 19 Nov 2016 11:12:53 +0000 (UTC) (envelope-from Linda@taischuh.com.tw) Received: from taischuh.com.tw (taischuh.com.tw [60.248.227.26]) by mx1.freebsd.org (Postfix) with ESMTP id 8DDAA179 for ; Sat, 19 Nov 2016 11:12:53 +0000 (UTC) (envelope-from Linda@taischuh.com.tw) Received: from [192.168.1.3] ([154.66.162.163]) by taischuh.com.tw with Microsoft SMTPSVC(6.0.3790.4675); Sat, 19 Nov 2016 19:11:31 +0800 Message-Id: Mime-Version: 1.0 From: Mr. Farhat Wahli To: "hotmail.com," Reply-To: mr.farhatwahli@yahoo.fr Subject: I would be grateful for your prompt reply. Date: Sat, 19 Nov 2016 12:12:43 +0100 X-Bounce-Tracking-Info: Content-type: text/plain; charset=iso-8859-1; format=flowed Content-transfer-encoding: quoted-printable X-OriginalArrivalTime: 19 Nov 2016 11:11:31.0906 (UTC) FILETIME=[AEC67220:01D24255] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Nov 2016 11:12:54 -0000 Dear Good Friend, Compliment of the season, I am Mr=2E Farhat Wahli, Director In charge of Auditing and accounting depa= rtment of Bank Of Africa, BOA, I hope that you will not betray or expose th= is trust and confident that i am about to repose on you for the mutual bene= fit of our both families=2E I need your urgent assistance in transferring the sum of TEN MILLION FIVE H= UNDRED AND FIFTY THOUSAND US DOLLARS ($10,550,000=2E00) immediately to your= account anywhere you chose=2E This is a very highly secret, i will like you to please keep this proposal = as a top secret or delete it if you are not interested, upon receipt of you= r reply, i will send to you more details about this business deal=2E I will also direct you on how this deal will be done without any problem; y= ou must understand that this is 100% free from risk=2E Therefore my questions are:- 1=2E Can you handle this project? 2=2E Can I give you this trust? If yes, get back to me immediately=2E I would be grateful for your prompt reply=2E Regards Mr=2E Farhat Wahli=2E ( mr=2Efarhatwahli@yahoo=2Efr ) From owner-freebsd-jail@freebsd.org Sat Nov 19 15:01:16 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2ADC9C4A9C6 for ; Sat, 19 Nov 2016 15:01:16 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 092CDC68 for ; Sat, 19 Nov 2016 15:01:16 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 087D7C4A9C5; Sat, 19 Nov 2016 15:01:16 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0826AC4A9C4 for ; Sat, 19 Nov 2016 15:01:16 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C51A6C67 for ; Sat, 19 Nov 2016 15:01:15 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x243.google.com with SMTP id h133so368484ioe.2 for ; Sat, 19 Nov 2016 07:01:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=C+yyoLegANXoxzBBo0SX56V3YWnypjx4m+SIHoeM1i4=; b=iRVqCfAvQBvxhmin+dLtE45SIqXTJ0ss80cNrOmgVF3nkmOWSvekEGbHqVqYG3VAiN LaLZfaGMCXRCgdn8uI9K/EnoOP76z2nVGxrcGfG1SWtnWikQQojqrnO7dADnP8tNQ1zu RTILnCO9iIqNPHWSkizecGTEWV5nkdfghuMNgNieflmmLKK8THjPxa1zW0C9HFObtUFw PXqDFKlO6oOXphMLz0Ih78Bkmb0k44aVo8apLluMKkhxj1D0ANXSV6YeL5ujEEZ91Xun v34V6vWkrU5YcDq+Bcg25zvZsirDHnILilmOYI4vUOdTJtPHAsxFmLmNTcl+zNmwuCAF 7JgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=C+yyoLegANXoxzBBo0SX56V3YWnypjx4m+SIHoeM1i4=; b=dnFC/L9oR6+vO+QNNxAttTYf0sVOZ9EeMV/IPrDMLGqylWV3xVa4qC8iRL0Onaue1A B7q/tpTinm3mV3d8lawsTkzoFkKe6m1dMINnQ0Cc1T0J5pDpZLsz3H0SekoSgv38ZQJc es+oB/NvpJMB093GNcYtbWPuqaKRrDjJbG6barLLFWQlb+Jk841jvYrAVDDkSLop4nfN jBgnNlNgxVg6lyX3Qef8imRtCIMXz3Om7i199/3rtJSdgwqljcNAyG2KuMwQRhYkfutp PytuGowTFJVGPHO9O8wML6OAZKXlGr24exv56vaVG2teFNDQxXEVC14cmtdTTN7oFemD oHrg== X-Gm-Message-State: AKaTC01F3OAJSeNJjJlNZ+4maJ0V40w50290ndTMQ/xj/lZqQpUGmu7kFipZ7gg3vQORAw== X-Received: by 10.107.171.4 with SMTP id u4mr4099665ioe.102.1479567675210; Sat, 19 Nov 2016 07:01:15 -0800 (PST) Received: from [10.0.10.3] (cpe-24-165-207-226.neo.res.rr.com. [24.165.207.226]) by smtp.googlemail.com with ESMTPSA id z14sm4736226ioz.4.2016.11.19.07.01.14 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 19 Nov 2016 07:01:14 -0800 (PST) Message-ID: <58305B2A.6040600@gmail.com> Date: Sat, 19 Nov 2016 09:01:14 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: marcel CC: jail@freebsd.org Subject: Re: Closing ports in jail with ipfw References: <20161117233607.3430afd4@marcel-laptop.lan> In-Reply-To: <20161117233607.3430afd4@marcel-laptop.lan> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Nov 2016 15:01:16 -0000 marcel wrote: > Hi there, > > I've created a jail and when I do a nmap on his IP, I can see that port > 25 and 22 are open but I don't want. So i've tried to create an IPFW > rule by adding 'ipwf -q add 00290 deny all from router to jail' to my > host ipfw conf file and applied it but ports jail are still open. How > can I close or open the ports of my jail ? > > Thanks ! I tried to replicate your problem. nmap told me my running jail was down. I take this to mean the jail had no open ports that nmap could find. Your post is to general. Provide details of your jail setup and nmap command you used and where you issued it from.