Date: Mon, 01 Jul 2002 18:52:29 -0600 From: Colin Faber <cfaber@fpsn.net> To: nascar24 <nascar24@home.nl> Cc: Gerhard Sittig <Gerhard.Sittig@gmx.net>, security@FreeBSD.ORG Subject: Re: Making a firewall more closed Message-ID: <3D20F94D.3B2820A9@fpsn.net> References: <01a001c22107$3d3b2850$0200a8c0@winxp> <20020701214825.L1494@shell.gsinet.sittig.org> <007301c22161$c9c76ef0$0200a8c0@winxp>
next in thread | previous in thread | raw e-mail | index | archive | help
Do you have a rule in place which precludes 550 ? nascar24 wrote: > > What I mean is that I want to grand acces to the internet. But only to ports > I 'trust', like 80,21,22 etc. But when I make a rule like: > > add 550 allow ip from me to any 80,21,22 > > I cannot acces a website, that puzzles me. > > > On Mon, Jul 01, 2002 at 15:57 +0200, nascar24 wrote: > > > > > > I've been using the IPFW for some time now but I have one problem. I > have > > > closed my firewall (I guess) from attacks from the outside world. But I > am > > > open to attacks from within, i.e: trojan horses etc. > > > > > > Here is my rc.firewall.rules file. I think it is in rule 500 & 550. But > if I > > > change them to 21,22,80,8080 I cannot connect to any websites or FTP > sites. > > > > > > [ filter rule set snipped ] > > > > > > I hope you can help, thanks in advance. > > > > What exactly is your question? > > > > If you want to "less trust the inside", close the inner interface > > as much as you did with the outside. > > > > If you are looking for hints on how to generally improve your > > filter rules I strongly suggest you have a look at the ipfilter > > HowTo -- even if you don't use ipf: this document talks about > > the basics, too, plus derives / designes a rule set from bottom > > up. Visit www.ipfilter.org or look at the misc/26763 PR (Cyrille > > Lefevre, "installing ipfilter sample files to share/examples"). > > > > > > virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 > > Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net > > -- > > If you don't understand or are scared by any of the above > > ask your parents or an adult to help you. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Colin Faber (303) 736-5160 fpsn.net, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D20F94D.3B2820A9>