Date: Wed, 18 Nov 1998 08:12:17 -0800 (PST)
From: David Wolfskill <dhw@whistle.com>
To: gandolf@gandolf.ml.org
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Firewalling
Message-ID: <199811181612.IAA04718@pau-amma.whistle.com>
In-Reply-To: <199811180207.VAA02843@gandolf.ml.org>
>From: "Jeff Hamilton" <gandolf@destiny.erols.com>
>Date: Tue, 17 Nov 1998 21:07:50 -0500 (EST)

>I am trying to set up ipfw to block any unwanted access to nfs, mount,
>rpc, samba, pop and dns ports.

>I am currently firewalling 53,110,111,137,138,139, and 2049 with both
>tcp and udp.

>Are there any other ports that I should block to prevent unwanted access
>to these services?

This may be more of a philosophical point (but my namesake was a philosopher, for whatever that's worth...), but I suggest you approach this from the opposite perspective: Block everything except the services that you know you want to support.

I have also found it useful to have a "catch-all" high-numbered rule to block & log everything. Then, for things I neither want to permit through, nor do I really want to be reminded that they exist (UDP 137 & 138, anyone?), I'll insert a slightly lower-numbered rule to silently drop those on the floor.

david
--
David Wolfskill
UNIX System Administrator
dhw@whistle.com
voice: (650) 577-7158
pager: (650) 371-4621
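The layout David describes, written out as an ipfw ruleset, as an added example that is not part of the original message or of any FreeBSD configuration file: a default-deny policy that admits only the services you mean to offer, a high-numbered catch-all that denies and logs everything else, and a slightly lower-numbered rule that silently discards NetBIOS name/datagram traffic (UDP 137 and 138) so it never reaches the logging rule. The interface name `ed0` and the admitted services (22, 25, 80 inbound, DNS lookups outbound) are assumptions chosen for the example; substitute your own.

```shell
#!/bin/sh
# Default-deny ipfw ruleset in the style of the reply above (added example).
# Assumed: external interface ed0; services 22/25/80 are the ones we want
# to offer. Run as "sh fw.sh dry-run" to print the rules, "sh fw.sh apply"
# to load them with /sbin/ipfw.

OIF="ed0"               # external interface (assumed name)
SILENT_RULE=65000       # silent drop for the noise we do not want logged
CATCHALL_RULE=65534     # deny + log everything else; 65535 is ipfw's own default rule

# apply_rules CMD  -- emit every rule through CMD ("echo" for a dry run,
# "/sbin/ipfw" to actually load them).
apply_rules() {
    fwcmd="${1:-/sbin/ipfw}"

    $fwcmd -f flush

    # Loopback: allow it, and refuse spoofed 127/8 on anything else.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8

    # Replies to connections already set up (either direction).
    $fwcmd add 300 allow tcp from any to any established

    # Inbound services we explicitly want to support (assumed list).
    for p in 22 25 80; do
        $fwcmd add 1000 allow tcp from any to any $p in via $OIF setup
    done

    # Connections this host initiates, plus DNS lookups it makes.
    $fwcmd add 1100 allow tcp from any to any out via $OIF setup
    $fwcmd add 1200 allow udp from any to any 53 out via $OIF
    $fwcmd add 1210 allow udp from any 53 to any in via $OIF

    # Things we neither want through nor want to hear about: drop silently.
    # Numbered just below the catch-all so they never reach the log rule.
    $fwcmd add $SILENT_RULE deny udp from any to any 137,138 in via $OIF

    # Catch-all: block and log everything that no earlier rule admitted.
    $fwcmd add $CATCHALL_RULE deny log ip from any to any
}

# rule_order_ok -- sanity check that the silent rule precedes the catch-all
# and that the catch-all still sits below ipfw's fixed default rule 65535.
rule_order_ok() {
    [ "$SILENT_RULE" -lt "$CATCHALL_RULE" ] && [ "$CATCHALL_RULE" -lt 65535 ]
}

case "$1" in
    dry-run) apply_rules echo ;;
    apply)   apply_rules /sbin/ipfw ;;
esac
```

The `log` keyword only produces output when the kernel was built with `IPFIREWALL_VERBOSE` (or `net.inet.ip.fw.verbose` is set to 1); without it the catch-all still denies, it just does so quietly, which defeats the point of having it.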