From owner-freebsd-questions  Fri Sep 21 17:51:13 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pioneernet.net (mail.pioneernet.net [207.115.64.224])
	by hub.freebsd.org (Postfix) with ESMTP id 2B92D37B40F
	for <freebsd-questions@FreeBSD.ORG>; Fri, 21 Sep 2001 17:51:11 -0700 (PDT)
Received: from chip.wiegand.org [66.114.152.128] by pioneernet.net
  (SMTPD32-6.06) id A12FAB20094; Fri, 21 Sep 2001 17:54:07 -0700
Content-Type: text/plain;
  charset="iso-8859-1"
From: Chip <chip@wiegand.org>
To: freebsd-questions@FreeBSD.ORG
Subject: security and firewall
Date: Fri, 21 Sep 2001 17:53:37 -0700
X-Mailer: KMail [version 1.2]
MIME-Version: 1.0
Message-Id: <01092117533704.84922@chip.wiegand.org>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I have a fbsd 4.0 box running nothing but natd/ipfw, and it appears to be 
fairly secure - I ran nmap against it from another fbsd box outside my 
network and it shows only the sunrpc port 111 open. I have added to my ipfw 
rules a rule that explicity denies port 111. I have also disabled inetd and 
yet get the following udp ports showing as open -  111, 514, 520.

Now my question - Just what can I do to tighten my security? To make sure my 
machine isn't used as a relay, or just general protection? Is there some web 
pages that cover this basic security stuff someone can point me to?

--
Chip W.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message