Date: Mon, 31 May 2004 13:58:00 -0400
From: Chuck Swiger <cswiger@mac.com>
To: El DaEm0n <jackass_wasa@hotmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: newbie question
Message-ID: <40BB7228.904@mac.com>
In-Reply-To: <BAY12-F77L4Sxsew2gI0003c448@hotmail.com>
References: <BAY12-F77L4Sxsew2gI0003c448@hotmail.com>

El DaEm0n wrote:
> ok my problem is when i made a portscan to my server in another pc it
> revealed my open ports, so all i wanna do is when i made a ports scan
> from another pc to my server mi IPFW show to portscan that my system
> appears down,

You probably want to use something like this, from "man ipfw":

     The typical use of dynamic rules is to keep a closed firewall
     configuration, but let the first TCP SYN packet from the inside
     network install a dynamic rule for the flow so that packets
     belonging to that session will be allowed through the firewall:

           ipfw add check-state
           ipfw add allow tcp from my-subnet to any setup keep-state
           ipfw add deny tcp from any to any

Going beyond these examples to a meaningful firewall configuration involves
thinking about your security policy, considering roles and required services,
etc....

-- 
-Chuck
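
Added example, not part of the message above or of the ipfw man page: a small Python model of how the three quoted rules treat packets, showing that probes from outside hit the final deny while sessions opened from the inside subnet get a dynamic rule. The subnet 192.168.1.0/24, the class name and the sample packets are assumptions made up for illustration.

```python
import ipaddress

MY_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # assumed value for "my-subnet"

class Firewall:
    """Toy model of the three rules; ignores ipfw's state timers and lifetimes."""

    def __init__(self):
        self.dynamic = set()  # flows installed by keep-state

    def filter(self, src, sport, dst, dport, flags):
        # A dynamic rule matches both directions, so the flow key is unordered.
        key = frozenset([(src, sport), (dst, dport)])
        # ipfw add check-state
        if key in self.dynamic:
            return "allow (dynamic)"
        # ipfw add allow tcp from my-subnet to any setup keep-state
        # "setup" matches TCP packets with SYN set and ACK clear.
        is_setup = "S" in flags and "A" not in flags
        if is_setup and ipaddress.ip_address(src) in MY_SUBNET:
            self.dynamic.add(key)
            return "allow (keep-state)"
        # ipfw add deny tcp from any to any
        return "deny"

# Constructed sample traffic: (src, sport, dst, dport, TCP flags)
SAMPLE = [
    ("203.0.113.9", 40000, "192.168.1.10", 22, "S"),     # outside SYN probe
    ("203.0.113.9", 40001, "192.168.1.10", 80, "A"),     # outside ACK probe
    ("192.168.1.10", 51000, "198.51.100.5", 80, "S"),    # inside host opens a session
    ("198.51.100.5", 80, "192.168.1.10", 51000, "SA"),   # reply on that session
    ("192.168.1.10", 51000, "198.51.100.5", 80, "A"),    # handshake completes
    ("198.51.100.5", 80, "192.168.1.10", 51001, "SA"),   # unsolicited, no state
]

def run_demo():
    fw = Firewall()
    return [fw.filter(*pkt) for pkt in SAMPLE]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_demo()):
        print(pkt, "->", verdict)
```

The quoted rules only mention TCP, so other protocols are outside this model.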