Date: Wed, 10 Nov 1999 16:17:26 +0000 From: Ben Smithurst <ben@scientia.demon.co.uk> To: Giorgos Keramidas <keramida@ceid.upatras.gr> Cc: freebsd-questions@freebsd.org Subject: Re: Port 137 hitting my server Message-ID: <19991110161725.A3387@strontium.scientia.demon.co.uk> In-Reply-To: <86u2mv862r.fsf@localhost.hell.gr> References: <86emdz68a0.fsf@localhost.hell.gr> <Pine.SOL.4.10.9911091512360.25266-100000@icg> <99Nov10.104437est.40326@border.alcanet.com.au> <86u2mv862r.fsf@localhost.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas wrote:
> In fact FreeBSd does have a nice way of rejecting all these connection
> attempts to port 137, but not a daemon per se. If you don't find
> recompiling the kernel a tedious task to do, the firewall support of
> FreeBSD is quite suitable for this task. A simple set of rules like
>
> 0100 deny udp from any to any 137 via if0
> 0200 pass ip from any to any
>
> should be enough for this task.
You don't even need to recompile the kernel, ipfw works fine as a module
(in my case at least, I'm not sure how you use the various IPFIREWALL_*
options when ipfw is a kld).
--
Ben Smithurst | PGP: 0x99392F7D
ben@scientia.demon.co.uk | key available from keyservers and
| ben+pgp@scientia.demon.co.uk
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991110161725.A3387>