Date: Wed, 27 Oct 2004 11:34:01 +0200 From: Mark Frasa <bsd@frasa.net> To: Florian Hengstberger <e0025265@student.tuwien.ac.at> Cc: freebsd-questions@freebsd.org Subject: Re: Firewall and nmap Message-ID: <20041027093401.GA33861@orion.frasa.net> In-Reply-To: <i68kvc.s43n5c@webmail.tuwien.ac.at> References: <i68kvc.s43n5c@webmail.tuwien.ac.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004.10.27 11:26:00 +0000, Florian Hengstberger wrote: > Hi! > > I'm compiled a Kernel using the GENERIC config-file that > comes with the default 5.2.1 installation adding support > for ipfw. > I tried to scan my computer with a linux machine running nmap, > but nmap tells me that the host seems to be down altough I was able > to ping the freebsd-host. > So I flushed all rools for the firewall with ipfw flush (the still > existing default rule enables all trafic because I compiled this in > my kernel, ipfw -c list told me that this is true.) > Anyway, nothing changes, all ports seem to be closed running nmap, > pings are successfull again! > > 1) What's wrong with my configuration? Don't know yet, but what does ipfw show says? Maybe it enabled the /etc/rc.firewall? > 2) I've tried to add all kernel options to this mail using the online > handbook from www.freeebsd.org. I realized that the firewall section > covers now the OpenBSD filter pf. WhatŽs the state of the art? > How do I enable pf under 5.2.1 - package or port? To enable PF put in your firewall: options IPFILTER #ipfilter support These can be put optionally: options IPFILTER_LOG #ipfilter logging options IPFILTER_DEFAULT_BLOCK #block all packets by default I don't think you want the last one yet, so first comment it out. > 3) Is there something similar like nmap or is there a BSD-network scanner, > which usage is recommended? Dunno, i use nmap on my boxes as well. Works great. > > Thanks in advance, > Florian > Your welcome. Mark. > ------------------------------------------------------ > Florian Hengstberger > e0025265@student.tuwien.ac.at > http://stud3.tuwien.ac.at/~e0025265 > ------------------------------------------------------ > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041027093401.GA33861>