From owner-freebsd-questions Tue Sep 21 17: 1:10 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from horst.bfd.com (horst.bfd.com [12.9.219.10]) by hub.freebsd.org (Postfix) with ESMTP id 84823150D2 for ; Tue, 21 Sep 1999 17:01:09 -0700 (PDT) (envelope-from ejs@bfd.com)
Received: from HARLIE.bfd.com (bastion.bfd.com [12.9.219.14]) by horst.bfd.com (8.9.3/8.9.2) with ESMTP id RAA08413; Tue, 21 Sep 1999 17:01:05 -0700 (PDT) (envelope-from ejs@bfd.com)
Date: Tue, 21 Sep 1999 17:01:05 -0700 (PDT)
From: "Eric J. Schwertfeger"
To: Joe Bo
Cc: Ben Smithurst , freebsd-questions@FreeBSD.ORG
Subject: Re: is this an attack?
In-Reply-To: <2.2.32.19990921233851.008d4358@netmail.home.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 21 Sep 1999, Joe Bo wrote:

> Thanks. I have those services open for use on my internal net.
> I haven't figured out yet how to disable them on my external
> network card and at the same time leave them enabled on my
> internal network card. I never telnet/ftp/etc over the public
> network to my machine, I do have and use ssh for that.

The easiest way is to enable ipfw filtering on your machine. These are
the kinds of rules I use in a similar machine....

/sbin/ipfw add 100 allow tcp from any to any 25,53,79,80 recv de0
/sbin/ipfw add 110 allow udp from any to any 53 recv de0
/sbin/ipfw add 120 deny tcp from any to any 1-1023 recv de0
/sbin/ipfw add 130 deny udp from any to any 1-1023 recv de0

The idea is to allow incoming traffic to services available to the
outside, then deny all other privileged ports, just in case. (My
standard security stance is to block all but that which is permitted in
the privileged port ranges, and allow all that isn't forbidden outside
that range).

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
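The ruleset above is the per-interface whitelist pattern Eric describes: a few allow rules for exposed services on the external interface, then a blanket deny for the rest of the privileged range on that same interface, with everything else (high ports, and the internal interface entirely) left to ipfw's default rule. The script below is an added example, not code from the original message or from FreeBSD: it generates that ruleset from a port whitelist, rejects whitelist entries the deny rules would not cover, and includes a small first-match simulator so the ordering can be checked before anything is loaded. The interface name de0, the rule numbers and the load_rules helper are assumptions; the simulator matches only on protocol, destination port and receive interface, which is all these "any to any" rules look at.

```shell
#!/bin/sh
# Added example (not from the original post). Generates Eric-style ipfw rules
# from a whitelist and simulates ipfw's first-match evaluation over them.
# Assumed: external interface de0, rule numbers 100-130, ipfw(8) "add" syntax.

# gen_rules IFACE TCP_PORTS UDP_PORTS
#   Prints the rules (without the /sbin/ipfw prefix) for IFACE. TCP_PORTS and
#   UDP_PORTS are comma-separated lists; either may be empty.
gen_rules() {
    ifc=$1; tcp=$2; udp=$3
    # Every whitelisted port must be numeric and in 1-1023: a higher port would
    # be "allowed" by an explicit rule that the deny rules never cover anyway,
    # which usually means the whitelist author misunderstood the scheme.
    for p in $(printf '%s' "$tcp,$udp" | tr ',' ' '); do
        case $p in
            ''|*[!0-9]*) echo "gen_rules: bad port '$p'" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 1023 ] || {
            echo "gen_rules: port $p is outside 1-1023; the deny rules do not cover it" >&2
            return 1
        }
    done
    [ -n "$tcp" ] && printf 'add 100 allow tcp from any to any %s recv %s\n' "$tcp" "$ifc"
    [ -n "$udp" ] && printf 'add 110 allow udp from any to any %s recv %s\n' "$udp" "$ifc"
    printf 'add 120 deny tcp from any to any 1-1023 recv %s\n' "$ifc"
    printf 'add 130 deny udp from any to any 1-1023 recv %s\n' "$ifc"
}

# port_in PORT SPEC  -- SPEC is "a,b,c" or "lo-hi", as written in the rules.
port_in() {
    case $2 in
        *-*) lo=${2%-*}; hi=${2#*-}; [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] ;;
        *)   case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac ;;
    esac
}

# verdict RECV_IFACE PROTO DPORT [TCP_PORTS] [UDP_PORTS]
#   Walks the generated rules in order (external interface assumed to be de0)
#   and prints the action of the first rule the packet matches. A packet that
#   matches nothing prints "default": ipfw then applies rule 65535, which is
#   deny unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT.
verdict() {
    ifc=$1; proto=$2; dport=$3
    gen_rules "${EXT_IF:-de0}" "${4-25,53,79,80}" "${5-53}" | {
        while read -r f1 num action rproto f5 f6 f7 f8 ports f10 riface; do
            [ "$rproto" = "$proto" ] && [ "$riface" = "$ifc" ] &&
                port_in "$dport" "$ports" && { echo "$action (rule $num)"; exit 0; }
        done
        echo "default (rule 65535)"
    }
}

# load_rules IFACE TCP_PORTS UDP_PORTS  -- feed the rules to ipfw(8) one by one.
# Not exercised here; requires root on a FreeBSD host with ipfw in the kernel.
load_rules() {
    gen_rules "$@" | while read -r line; do
        /sbin/ipfw -q $line || return 1
    done
}

# Stand-alone demo: print the ruleset, then a few sample verdicts.
if [ "${1-}" = "demo" ]; then
    gen_rules de0 25,53,79,80 53
    for pkt in "de0 tcp 80" "de0 tcp 22" "de0 udp 69" "de0 tcp 8080" "de1 tcp 23"; do
        echo "$pkt -> $(verdict $pkt)"
    done
fi
```

Two things the simulator makes visible that the four rules alone do not. First, tcp/8080 on de0 and tcp/23 on the internal interface both fall through to rule 65535, so the "allow all that isn't forbidden" half of the stance only holds if the kernel's default rule is accept; on a default-deny kernel the same four rules silently block every high port on both interfaces. Second, nothing here distinguishes the internal interface by name: services stay reachable internally only because no rule mentions that interface, so adding a later catch-all deny without a `recv de0` qualifier would break the internal net. On FreeBSD the generated lines can go in a file named by `firewall_type` in /etc/rc.conf (with `firewall_enable="YES"`) instead of being run through load_rules by hand.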