Date: Sat, 21 Nov 1998 11:07:48 -0800 (PST) From: Dan Busarow <dan@dpcsys.com> To: Brian Gallucci <brian@briang.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ICMP Message-ID: <Pine.BSF.3.96.981121110046.21888E-100000@java.dpcsys.com> In-Reply-To: <000901be153b$273fd0e0$2900a8c0@desktop.briang.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 21 Nov 1998, Brian Gallucci wrote:
> Which one of these would I use if I whanted to stop poeple from doing a port
> scan on my boxes,
> but at the same time not stopping me from be able to ping out....
> This is the rule I'm using " ipfw add 3400 deny log icmp from any to
> 24.1.88.78 icmptype ? "
Since ICMP doesn't use ports blocking it won't have much effect on
port scanning.
If you want to block access to all ports from the outside use
$fwcmd add deny log tcp from any to any in via ${oif} setup
along with
$fwcmd add pass tcp from any to any established
to let your users get outside. You can probably block all incoming
UDP requests with the possible exception of DNS. The "simple" config
in /etc/rc.firewall is a very good starting point for you.
Dan
--
Dan Busarow 949 443 4172
Dana Point Communications, Inc. dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981121110046.21888E-100000>