From: Carl
To: freebsd-questions@FreeBSD.ORG
Subject: Dynamic ipfw ruleset to block all unrequested packets...
Date: Sun, 25 Mar 2001 12:58:52 -0500
Message-Id: <01032512585203.00338@Demon>

Hello,

I have been reading through the firewall literature and have set up a very simple firewall. It is just for my home connection to my cable modem service. I do have a router attached to the cable modem that has my FreeBSD machine as a DMZ. The router's IP is 192.168.1.1 and it assigns my FreeBSD box 192.168.1.100.

The following is my rc.firewall file snippet:

############
# Local IP address of my computer
ip="192.168.1.100"

############
# Dynamic rule set that only allows packets
# that have been requested by this IP
${fwcmd} add check-state
${fwcmd} add deny log all from not ${ip} to any
${fwcmd} add pass all from ${ip} to any keep-state

When I use nmap to scan myself (i.e. nmap -sS -p 111 ) it lists the sunrpc port as filtered (better than open), but I was wondering if it is possible to make this port disappear?

The other strange thing: when I ping myself (i.e. ping ) the ICMP packets get through. Is this because I am not pinging my machine from an outside source? If so, why doesn't nmap behave the same way?

I have compiled my kernel with all the necessities for the firewall, including others like SYN/FIN and RST dropping. I have enabled the firewall as well as SYN/FIN and RST dropping in rc.conf. Am I just too paranoid, or do things seem OK the way they are set?

Thanks...
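As an added illustration (not code from the original post), the following Python model walks sample packets through the three posted rules in ipfw's first-match order: an unsolicited SYN to port 111 hits the deny rule and gets no reply at all, which is what a scanner reports as filtered, while traffic sourced from ${ip}, including a ping of the box by itself, matches the keep-state rule. Assumptions: a simplified 5-tuple state table with no timeouts, TCP flag tracking or interface distinction, and the scanner address 203.0.113.5 is constructed.

```python
from dataclasses import dataclass

MY_IP = "192.168.1.100"   # ${ip} from the posted rc.firewall snippet

@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp", "udp" or "icmp"
    src: str
    sport: int    # 0 for icmp
    dst: str
    dport: int    # 0 for icmp

class StatefulFilter:
    """Models: check-state; deny log from not ip; pass from ip keep-state.
    Assumed: first match decides, state is a 5-tuple matched both ways,
    timeouts, TCP flag tracking and interface (lo0) handling ignored."""

    def __init__(self, ip):
        self.ip = ip
        self.state = set()   # dynamic rules created by keep-state

    def evaluate(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Rule 1: check-state -- either direction of a known flow passes.
        if flow in self.state or reverse in self.state:
            return "pass:check-state"
        # Rule 2: deny log all from not ${ip} to any -- unsolicited traffic is
        # dropped silently (no RST, no SYN/ACK), so a scanner sees "filtered".
        if p.src != self.ip:
            return "deny:log"
        # Rule 3: pass all from ${ip} to any keep-state -- locally sourced
        # traffic passes and records the flow that rule 1 will later match.
        self.state.add(flow)
        return "pass:keep-state"

def run_scenarios(ip=MY_IP):
    """Constructed sample traffic; returns the verdict for each case."""
    fw = StatefulFilter(ip)
    scanner = "203.0.113.5"   # constructed external address
    return {
        "unsolicited_syn_111": fw.evaluate(Packet("tcp", scanner, 40000, ip, 111)),
        "outbound_dns": fw.evaluate(Packet("udp", ip, 5353, "192.168.1.1", 53)),
        "dns_reply": fw.evaluate(Packet("udp", "192.168.1.1", 53, ip, 5353)),
        "self_ping": fw.evaluate(Packet("icmp", ip, 0, ip, 0)),
        "external_ping": fw.evaluate(Packet("icmp", scanner, 0, ip, 0)),
    }
```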