Date: Wed, 18 Dec 2002 14:25:21 -0500
From: "Robin P. Blanchard" <robin.blanchard@gactr.uga.edu>
To: "'Clifton Royston'" <cliftonr@lava.net>
Cc: <stable@freebsd.org>
Subject: RE: ipfilter / ipnat quandry
Message-ID: <EE3D3FBAFFCAED448C21C398FDAD91AC0440C2@EBE1.gc.nat>
In-Reply-To: <EE3D3FBAFFCAED448C21C398FDAD91AC01077A@EBE1.gc.nat>

Well... After a bit of trial and error with my ruleset I've determined that
commenting out the entries in the below stanza causes nmap to report as
expected (only port 22 is open). Is this by design? The commented entries are
directly out of the IPF FAQ.

???

Robin.

# tcp / udp incoming: default deny unless matched below
pass in quick on tx0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on tx0 proto udp from 216.140.56.250 port = 53 to any keep state
pass in quick on tx0 proto udp from 205.152.0.20 port = 53 to any keep state
pass in quick on tx0 proto udp from 205.152.16.20 port = 53 to any keep state
pass in quick on tx0 proto udp from 205.152.32.20 port = 53 to any keep state
pass in quick on tx0 proto udp from 205.152.0.5 port = 53 to any keep state
pass in quick on tx0 proto udp from 66.188.79.136 port = 53 to any keep state
pass in quick on tx0 proto udp from 209.186.12.3 port = 53 to any keep state
pass in quick on tx0 proto udp from 209.186.12.30 port = 53 to any keep state
#block return-rst in log quick on tx0 proto tcp from any to any flags FUP
#block return-rst in log quick on tx0 proto tcp from any to any flags SF/SFRA
#block return-rst in log quick on tx0 proto tcp from any to any flags /SFRA
#block return-rst in log quick on tx0 proto tcp all
block return-icmp(0) in log quick on tx0 proto udp all
block in log quick on tx0 all

----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------