Date: Mon, 1 Jul 2002 21:48:25 +0200
From: Gerhard Sittig
To: security@freebsd.org
Subject: Re: Making a firewall more closed

On Mon, Jul 01, 2002 at 15:57 +0200, nascar24 wrote:
>
> I've been using the IPFW for some time now but I have one problem. I have
> closed my firewall (I guess) from attacks from the outside world. But I am
> open to attacks from within, i.e: trojan horses etc.
>
> Here is my rc.firewall.rules file. I think it is in rule 500 & 550. But if I
> change them to 21,22,80,8080 I cannot connect to any websites or FTP sites.
>
> [ filter rule set snipped ]
>
> I hope you can help, thanks in advance.

What exactly is your question? If you want to "less trust the
inside", close the inner interface as much as you did with the
outside.

If you are looking for hints on how to generally improve your
filter rules I strongly suggest you have a look at the ipfilter
HowTo -- even if you don't use ipf: this document talks about the
basics, too, plus derives / designs a rule set from the bottom up.
Visit www.ipfilter.org or look at the misc/26763 PR (Cyrille
Lefevre, "installing ipfilter sample files to share/examples").

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.