From owner-freebsd-stable@FreeBSD.ORG  Wed Sep 24 06:06:14 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 23F1816A4C0
	for <freebsd-stable@freebsd.org>;
	Wed, 24 Sep 2003 06:06:14 -0700 (PDT)
Received: from hotmail.com (sea1-f107.sea1.hotmail.com [207.68.163.107])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 62C2644017
	for <freebsd-stable@freebsd.org>;
	Wed, 24 Sep 2003 06:06:08 -0700 (PDT)
	(envelope-from ignorabimus2002@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 24 Sep 2003 05:39:28 -0700
Received: from 213.115.16.68 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Tue, 23 Sep 2003 08:16:58 GMT
X-Originating-IP: [213.115.16.68]
X-Originating-Email: [ignorabimus2002@hotmail.com]
From: "Toan Hoang" <ignorabimus2002@hotmail.com>
To: freebsd-stable@freebsd.org
Date: Tue, 23 Sep 2003 10:16:58 +0200
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <Sea1-F107JDUdq96Aqr00001a93@hotmail.com>
X-OriginalArrivalTime: 24 Sep 2003 12:39:28.0789 (UTC)
	FILETIME=[E52A2450:01C38298]
Subject: Re: IPFilter and Nmap
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Sep 2003 13:06:14 -0000

>From: Mark Woodson <mwoodson@sricrm.com>
>It's IPFILTER_DEFAULT_BLOCK.
>
>less /usr/src/sys/i386/conf/LINT | grep IPFILTER
>
>That will list out the kernel options with IPFILTER in the line.

Yes, seems ok there...

>Unless the box will not connect with anything, you'll want to at the
>very least add
>
>pass out all on dc0 keep state

added that line, and changed to fxp0 and added
pass in quick on fxp0 proto udp from x.x.x.x/32 to any prot = 38 keep state
>
>You didn't mention rc.conf
>
>ipfilter_enable="YES"
>ipmon_enable="YES"

yes, got that enabled
and also got:
ipmon_flags="-Dsvn"
ipnat_enable=YES"

But does anybody know why I got reported that som many ports is open when I 
scan my FreeBSD with Nmap?????

Toan

_________________________________________________________________
Last ned nye MSN Messenger 6.0 gratis http://www.msn.no/computing/messenger 
- Den korteste veien mellom deg og dine venner