Date:      Tue, 2 Jul 2002 02:45:37 +0200
From:      "nascar24" <nascar24@home.nl>
To:        "Gerhard Sittig" <Gerhard.Sittig@gmx.net>, <security@freebsd.org>
Subject:   Re: Making a firewall more closed
Message-ID:  <007301c22161$c9c76ef0$0200a8c0@winxp>
References:  <01a001c22107$3d3b2850$0200a8c0@winxp> <20020701214825.L1494@shell.gsinet.sittig.org>

What I mean is that I want to grant access to the internet. But only to ports
I 'trust', like 80,21,22 etc. But when I make a rule like:

add 550 allow ip from me to any 80,21,22

I cannot access a website, that puzzles me.




> On Mon, Jul 01, 2002 at 15:57 +0200, nascar24 wrote:
> >
> > I've been using the IPFW for some time now but I have one problem. I have
> > closed my firewall (I guess) from attacks from the outside world. But I am
> > open to attacks from within, i.e.: trojan horses etc.
> >
> > Here is my rc.firewall.rules file. I think it is in rule 500 & 550. But if I
> > change them to 21,22,80,8080 I cannot connect to any websites or FTP sites.
> >
> > [ filter rule set snipped ]
> >
> > I hope you can help, thanks in advance.
>
> What exactly is your question?
>
> If you want to "less trust the inside", close the inner interface
> as much as you did with the outside.
>
> If you are looking for hints on how to generally improve your
> filter rules I strongly suggest you have a look at the ipfilter
> HowTo -- even if you don't use ipf:  this document talks about
> the basics, too, plus derives / designs a rule set from bottom
> up.  Visit www.ipfilter.org or look at the misc/26763 PR (Cyrille
> Lefevre, "installing ipfilter sample files to share/examples").
>
>
> virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
> Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
> --
>      If you don't understand or are scared by any of the above
>              ask your parents or an adult to help you.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
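
An added example, not part of the original thread: an egress allow-list for the ports named in the post, written as a dry-run sh function in the style of an rc.firewall script. The rule numbers, the DNS rules on port 53 and the `fwcmd` wrapper are assumptions made for illustration, and loopback rules are assumed to sit earlier in the rule set; a single outbound port rule on its own does not cover name lookups.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: rules are printed.
# Set fwcmd="/sbin/ipfw -q" to load them instead.
fwcmd=${fwcmd:-"echo ipfw"}

TCP_PORTS="21,22,80"   # the ports named in the post
DNS_PORT=53            # assumption: resolvers are reached on port 53

# Accept only a comma-separated list of port numbers in 1..65535.
check_ports() {
    [ -n "$1" ] || return 1
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in
            ''|*[!0-9]*) IFS=$old_ifs; return 1 ;;
        esac
        { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null ||
            { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Hypothetical rule numbers; loopback rules are assumed to come earlier.
egress_rules() {
    check_ports "$TCP_PORTS" || return 1
    # Pass packets of connections recorded by keep-state (replies included).
    ${fwcmd} add 400 check-state
    # Port lists apply to tcp/udp, so name the protocol instead of "ip".
    ${fwcmd} add 500 allow tcp from me to any "${TCP_PORTS}" setup keep-state
    # Name lookups: without these rules host names never resolve.
    ${fwcmd} add 510 allow udp from me to any "${DNS_PORT}" keep-state
    ${fwcmd} add 520 allow tcp from me to any "${DNS_PORT}" setup keep-state
    # Everything else leaving this host is dropped and logged.
    ${fwcmd} add 590 deny log ip from me to any
}

egress_rules
```

FTP data connections are separate from the control connection on port 21 and are not covered by these rules.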



