From: Chuck Swiger <cswiger@mac.com>
Date: Mon, 31 May 2004 13:58:00 -0400
To: El DaEm0n
Cc: freebsd-ipfw@freebsd.org
Subject: Re: newbie question

El DaEm0n wrote:
> ok my problem is when I made a portscan to my server in another pc it
> revealed my open ports, so all I wanna do is when I made a portscan
> from another pc to my server my IPFW show to portscan that my system
> appears down,

You probably want to use something like this, from "man ipfw":

     The typical use of dynamic rules is to keep a closed firewall configuration,
     but let the first TCP SYN packet from the inside network install a dynamic
     rule for the flow so that packets belonging to that session will be allowed
     through the firewall:

           ipfw add check-state
           ipfw add allow tcp from my-subnet to any setup keep-state
           ipfw add deny tcp from any to any

Going beyond these examples to a meaningful firewall configuration involves
thinking about your security policy, considering roles and required services,
etc.

-- 
-Chuck
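A worked version of the closed, stateful ruleset the man page excerpt describes, added here as an example; it is not the original poster's or FreeBSD's own script. It assumes the outside interface is em0 and the trusted inside network is 192.168.1.0/24; the rules are emitted as text so they can be reviewed, and are only loaded into ipfw when run as root on a host that has it.

```sh
#!/bin/sh
# Added example: minimal closed IPFW ruleset in the spirit of ipfw(8).
# Assumptions (not from the original mail): outside interface em0,
# inside network 192.168.1.0/24.
IF="em0"
LAN="192.168.1.0/24"

# Emit the ruleset in the file format accepted by "ipfw <pathname>".
ruleset() {
  cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from ${LAN} to any out via ${IF} setup keep-state
add 310 allow udp from ${LAN} to any out via ${IF} keep-state
add 65000 deny log ip from any to any
EOF
}
# Rule 200 matches packets belonging to flows that an earlier keep-state
# rule created; rules 300/310 create those flows only for traffic that
# originates inside. Everything else, including inbound SYNs and ICMP
# echo requests, hits rule 65000. "deny" discards silently (no RST or
# ICMP unreachable goes back), which is what makes a probed host look
# down, while "log" records the dropped packets for later review.

# Number of rules the ruleset would install (handy for a sanity check).
count_rules() {
  ruleset | wc -l | tr -d ' '
}

# Load the rules only as root on a system that actually has ipfw;
# otherwise just print them for review.
if [ "$(id -u)" = "0" ] && command -v ipfw >/dev/null 2>&1; then
  ipfw -q -f flush
  ruleset | ipfw -q /dev/stdin
else
  ruleset
fi
```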