Date: Mon, 26 Sep 2005 12:07:15 -0400 From: Matt Juszczak <matt@atopia.net> To: freebsd-questions@freebsd.org Subject: PF default to deny Message-ID: <43381CB3.70003@atopia.net>
next in thread | raw e-mail | index | archive | help
hi all, I have a firewall on my FreeBSD machine. Someone must have taken it down for testing or something because I just checked today, and realized that it was disabled. Checking the auth logs, attempts to login from overseas IP's, etc. have been occuring for at least a week. Two quick questions: 1) SSH, SMUX, CVSPSERVER, and MYSQL were open to the world for about a week..... I've checked through the auth.log file, done a chkrootkit, checked lastlogin, etc.... nothing seems out of the ordinary other than unsuccessful attempts at random usernames, etc. Does anyone have any other ideas on what I can check? 2) Is there a way to set pf to default to deny? That way, if I disable it for testing, it wont kick my existing SSH session out (I'll have keep state set), but it will DENY any new connections. I'd rather have to go to the colo place cause I messed up then get something hacked because I messed up. Thanks! -Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43381CB3.70003>