From owner-freebsd-questions Fri Sep 21 18:32:44 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mailgate.rz.uni-karlsruhe.de (mailgate.rz.uni-karlsruhe.de [129.13.64.97]) by hub.freebsd.org (Postfix) with ESMTP id CFA6537B410 for ; Fri, 21 Sep 2001 18:32:41 -0700 (PDT)
Received: from rz.uni-karlsruhe.de (root@wn4-marvin.wn4.uni-karlsruhe.de [172.20.12.211]) by mailgate.rz.uni-karlsruhe.de with smtp (Exim 3.16 #1) id 15kbeq-0005kQ-00; Sat, 22 Sep 2001 03:32:40 +0200
Date: Sat, 22 Sep 2001 03:32:56 +0200
From: Benedikt Schmidt
To: freebsd-questions@FreeBSD.ORG
Subject: Re: security and firewall
Message-ID: <20010922033256.A16599@wn4-marvin.wn4.uni-karlsruhe.de>
Mail-Followup-To: freebsd-questions@FreeBSD.ORG
References: <01092117533704.84922@chip.wiegand.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <01092117533704.84922@chip.wiegand.org>
User-Agent: Mutt/1.3.21i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Chip wrote:
> I have a fbsd 4.0 box running nothing but natd/ipfw, and it appears to be
                ^^^
I would update to RELENG_4 or RELENG_4_4 even if you don't offer any services to the net.

> fairly secure - I ran nmap against it from another fbsd box outside my
> network and it shows only the sunrpc port 111 open. I have added to my ipfw
> rules a rule that explicitly denies port 111. I have also disabled inetd and
> yet get the following udp ports showing as open - 111, 514, 520.

Use 'sockstat -l4' to find out which processes are binding these ports.
514/udp is syslogd and can be disabled by adding 'syslogd_flags="-ss"' to rc.conf.

Additionally it is generally better to start with denying everything and make rules to allow only what's really needed.
-- 
Benedikt
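The two pieces of advice in the reply above (find the owner of each listening port with sockstat, then build the ruleset as default-deny with explicit allows) as an added example; this is not code from the thread or from FreeBSD's rc.firewall. The sockstat output is a constructed sample shaped like the listeners Chip reported (on 4.x, 111/udp and 520/udp are typically portmap and routed, which rc.conf controls with portmap_enable and router_enable), the outside interface name is an assumption, and the ruleset uses the stateless "established" style from FreeBSD 4 rather than keep-state, because dynamic rules and natd's divert do not combine cleanly.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Two helpers:
#   who_binds   - reads `sockstat -l4` style text and names the process on a port
#   gen_ruleset - prints a default-deny ipfw ruleset in "add ..." form, the form
#                 rc.firewall passes to ipfw when firewall_type names a file

# Constructed sample of `sockstat -l4` output (not captured from a real host).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       101    4 tcp4   *:22                  *:*
root     portmap    87     3 udp4   *:111                 *:*
root     syslogd    80     4 udp4   *:514                 *:*
root     routed     95     5 udp4   *:520                 *:*'

# who_binds PORT PROTO -> prints the COMMAND column of the first listener on
# PORT. PROTO is tcp4 or udp4, exactly as sockstat prints it. Replace the
# sample with `sockstat -l4` to run it against the real socket table.
who_binds() {
    port=$1; proto=$2
    printf '%s\n' "$SAMPLE_SOCKSTAT" |
        awk -v p="$proto" -v port="$port" '
            NR > 1 && $5 == p && $6 ~ ("[:.]" port "$") { print $2; exit }'
}

# gen_ruleset OIF PORT... -> ipfw rules for a natd/ipfw box. OIF is the
# outside interface (assumed name, e.g. fxp0); PORT... are the only TCP ports
# reachable from outside. Everything not explicitly allowed hits the final
# deny, so a separate "deny 111" rule is no longer needed.
gen_ruleset() {
    oif=$1; shift
    n=1000
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"
    # natd must be running and listening on the divert socket named "natd"
    echo "add 400 divert natd ip from any to any via $oif"
    # Replies to connections already set up, in either direction
    echo "add 500 allow tcp from any to any established"
    # New sessions may go out from this box and the inside network
    echo "add 600 allow tcp from any to any out via $oif setup"
    echo "add 700 allow udp from any to any out via $oif"
    # UDP is stateless, so DNS answers are let in by source port; narrow
    # "any 53" to your resolver's address if it is fixed
    echo "add 800 allow udp from any 53 to any in via $oif"
    # Echo reply/request, unreachable and TTL-exceeded keep ping/traceroute usable
    echo "add 900 allow icmp from any to any icmptypes 0,3,8,11"
    for port in "$@"; do
        echo "add $n allow tcp from any to me $port in via $oif setup"
        n=$((n + 100))
    done
    # Default deny; logging shows what the explicit allows missed
    echo "add 65000 deny log ip from any to any"
}

# Usage: who_binds 514 udp4            (prints: syslogd)
#        gen_ruleset fxp0 22 > /etc/ipfw.rules
#        then in rc.conf: firewall_enable="YES" firewall_type="/etc/ipfw.rules"
```

Save the generated rules to a file and point rc.conf's firewall_type at it; the rc.conf additions from the reply (syslogd_flags="-ss") and disabling portmap and routed then remove the listeners themselves, while the final deny covers anything that starts listening later.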