Date: Tue, 11 Nov 2003 07:46:04 -0500
From: "Shawn Guillemette" <shawn@guillemette.org>
To: "Simon Gray" <simong@desktop-guardian.com>, <freebsd-questions@freebsd.org>
Subject: Re: ipfw question
Message-ID: <000b01c3a851$de917d80$6701a8c0@tacstation>
References: <006201c3a7ff$a9b227b0$6701a8c0@tacstation> <01ae01c3a84b$5bb0c1b0$1100a8c0@dtg17>

thank you.. I'm really only blocking 135 due to the MSBlaster and others...
no Samba yet

----- Original Message -----
From: "Simon Gray" <simong@desktop-guardian.com>
To: "Shawn Guillemette" <shawn@guillemette.org>; <freebsd-questions@freebsd.org>
Sent: Tuesday, November 11, 2003 7:00 AM
Subject: Re: ipfw question

> >63000 0 0 deny log logamount 100 udp from any to any 119 via sis0
> >63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
> >63000 0 0 deny log logamount 100 udp from any to any 135 via sis0
>
> >63000 is the rule number correct?
> >I'm wondering what the other 2 places are..
> >24 and 1152
> if you're getting 0 on the other rules, it probably means it's not running
> those rules.
> So therefore it won't actually log if it isn't getting to that rule.
>
> also from the looks of things, if you're trying to block windows
> filesharing/smb you
> might want to block 135 - 139 both tcp/udp (instead of specifying 135 in
> the rule add '135-139')
> rather than just 135 tcp/udp
>
> >Are they inbound and outbound?
> well depends (could be both yes), anything that's aimed at tcp 135 will be
> denied and
> logged
>
> >Do I make any sense?
>
> Not really :/ what's the question?
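
On the counters asked about in the thread: in `ipfw show` output the field after the rule number is that rule's packet count and the next field is its byte count. The Python below is an added example, not part of the original e-mails; it parses lines in that format and separates deny rules that have matched traffic from those that have not. The sample text is constructed from the three quoted rules plus an assumed default allow rule, and the function names are hypothetical.

```python
import re

# Constructed sample in the format quoted in the thread:
# rule number, packet counter, byte counter, then the rule body.
SAMPLE = """\
63000  0    0 deny log logamount 100 udp from any to any 119 via sis0
63000 24 1152 deny log logamount 100 tcp from any to any 135 via sis0
63000  0    0 deny log logamount 100 udp from any to any 135 via sis0
65535 90 7200 allow ip from any to any
"""

LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
BODY = re.compile(
    r"^(?:log\s+(?:logamount\s+\d+\s+)?)?(\S+)\s+from\s+\S+\s+to\s+\S+"
    r"(?:\s+(?!via\b)(\S+))?(?:\s+via\s+(\S+))?"
)

def parse(text):
    """Return one dict per rule line; lines that do not match are skipped."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        num, pkts, nbytes, action, rest = m.groups()
        b = BODY.match(rest)
        proto, ports, iface = b.groups() if b else (None, None, None)
        rules.append({"rule": int(num), "packets": int(pkts), "bytes": int(nbytes),
                      "action": action, "logged": rest.startswith("log"),
                      "proto": proto, "dst_ports": ports, "via": iface})
    return rules

def deny_hits(rules):
    """Split deny rules into those that matched traffic and those that never did."""
    hit = [r for r in rules if r["action"] == "deny" and r["packets"] > 0]
    idle = [r for r in rules if r["action"] == "deny" and r["packets"] == 0]
    return hit, idle

if __name__ == "__main__":
    hit, idle = deny_hits(parse(SAMPLE))
    for r in hit:
        avg = r["bytes"] / r["packets"]
        print(f'rule {r["rule"]} {r["proto"]}/{r["dst_ports"]} via {r["via"]}: '
              f'{r["packets"]} packets, {r["bytes"]} bytes ({avg:.0f} bytes/packet)')
    for r in idle:
        print(f'rule {r["rule"]} {r["proto"]}/{r["dst_ports"]}: no matches yet')
```
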