From owner-freebsd-stable Wed Dec 18 11:25:24 2002
Delivered-To: freebsd-stable@freebsd.org
From: "Robin P. Blanchard" <robin.blanchard@gactr.uga.edu>
To: "'Clifton Royston'"
Subject: RE: ipfilter / ipnat quandry
Date: Wed, 18 Dec 2002 14:25:21 -0500

Well... After a bit of trial and error with my ruleset, I've determined that commenting out the entries in the stanza below causes nmap to report as expected (only port 22 is open). Is this by design? The commented entries are directly out of the IPF FAQ.

???

Robin.

    # tcp / udp incoming: default deny unless matched below
    pass in quick on tx0 proto tcp from any to any port = 22 flags S keep state keep frags
    pass in quick on tx0 proto udp from 216.140.56.250 port = 53 to any keep state
    pass in quick on tx0 proto udp from 205.152.0.20 port = 53 to any keep state
    pass in quick on tx0 proto udp from 205.152.16.20 port = 53 to any keep state
    pass in quick on tx0 proto udp from 205.152.32.20 port = 53 to any keep state
    pass in quick on tx0 proto udp from 205.152.0.5 port = 53 to any keep state
    pass in quick on tx0 proto udp from 66.188.79.136 port = 53 to any keep state
    pass in quick on tx0 proto udp from 209.186.12.3 port = 53 to any keep state
    pass in quick on tx0 proto udp from 209.186.12.30 port = 53 to any keep state
    #block return-rst in log quick on tx0 proto tcp from any to any flags FUP
    #block return-rst in log quick on tx0 proto tcp from any to any flags SF/SFRA
    #block return-rst in log quick on tx0 proto tcp from any to any flags /SFRA
    #block return-rst in log quick on tx0 proto tcp all
    block return-icmp(0) in log quick on tx0 proto udp all
    block in log quick on tx0 all

----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
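The three commented-out rules differ from the final `block in log quick on tx0 all` in what they examine (specific TCP flag patterns via `flags X/M`) and in how they answer (`return-rst` instead of a silent drop), which is why toggling them changes what a scanner observes. The following is an added example, not part of the original post or of IPFilter, that evaluates ipf's `flags` syntax against constructed packets; it assumes, per the IPF documentation, that a bare flag list such as `FUP` uses the full `FSRPAU` mask, so every unlisted flag must be clear.

```python
# Added example: how IPFilter's `flags X/M` TCP-flag matching works.
# A packet matches when (packet_flags & M) == X; with no "/M" the full
# FSRPAU mask is assumed (assumption taken from the IPF documentation).
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
ALL_MASK = "FSRPAU"


def flag_bits(letters: str) -> int:
    """Translate a string of ipf flag letters into a TCP flag bitmask."""
    return sum(TCP_FLAGS[c] for c in letters)


def parse_flags_spec(spec: str) -> tuple:
    """Parse 'SF/SFRA' into (bits that must be set, bits that are examined)."""
    want, slash, mask = spec.partition("/")
    if not slash:           # bare list, e.g. 'FUP': examine every flag
        mask = ALL_MASK
    return flag_bits(want), flag_bits(mask)


def flags_match(spec: str, packet_flags: str) -> bool:
    """True if a packet carrying packet_flags satisfies the ipf flags spec."""
    want, mask = parse_flags_spec(spec)
    return flag_bits(packet_flags) & mask == want


# The flag specs of the three commented-out block rules in the ruleset above.
BLOCK_SPECS = ("FUP", "SF/SFRA", "/SFRA")


def blocking_rules(packet_flags: str) -> list:
    """Which of the three flag-based block rules would match these flags."""
    return [spec for spec in BLOCK_SPECS if flags_match(spec, packet_flags)]


if __name__ == "__main__":
    # Constructed packets: plain SYN, SYN/ACK, all-flags-clear, FIN+URG+PSH,
    # SYN+FIN, and a lone ACK. Only the last two columns are ipf's view.
    for pkt in ("S", "SA", "", "FUP", "SF", "A"):
        label = pkt or "(none)"
        print(f"{label:6} -> {blocking_rules(pkt) or 'no flag rule matches'}")
```

A packet that matches none of the three (a lone ACK, for instance) falls through to the later rules and is dropped by the final `block ... all` without a RST.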