Firewall and nmap
Mark Frasa
bsd at frasa.net
Wed Oct 27 02:34:31 PDT 2004
On 2004.10.27 11:26:00 +0000, Florian Hengstberger wrote:
> Hi!
>
> I've compiled a kernel using the GENERIC config file that
> comes with the default 5.2.1 installation adding support
> for ipfw.
> I tried to scan my computer with a linux machine running nmap,
> but nmap tells me that the host seems to be down although I was able
> to ping the freebsd-host.
> So I flushed all rules for the firewall with ipfw flush (the still
> existing default rule enables all traffic because I compiled this in
> my kernel, ipfw -c list told me that this is true.)
> Anyway, nothing changes, all ports seem to be closed running nmap,
> pings are successful again!
>
> 1) What's wrong with my configuration?
Don't know yet, but what does ipfw show say? Maybe it enabled the /etc/rc.firewall?
> 2) I've tried to add all kernel options to this mail using the online
> handbook from www.freeebsd.org. I realized that the firewall section
> covers now the OpenBSD filter pf. What's the state of the art?
> How do I enable pf under 5.2.1 - package or port?
To enable PF put in your firewall:
    options IPFILTER                  #ipfilter support
These can be put optionally:
    options IPFILTER_LOG              #ipfilter logging
    options IPFILTER_DEFAULT_BLOCK    #block all packets by default
I don't think you want the last one yet, so first comment it out.
> 3) Is there something similar like nmap or is there a BSD-network scanner,
> which usage is recommended?
Dunno, I use nmap on my boxes as well. Works great.
>
> Thanks in advance,
> Florian
>
You're welcome.
Mark.
> ------------------------------------------------------
> Florian Hengstberger
> e0025265 at student.tuwien.ac.at
> http://stud3.tuwien.ac.at/~e0025265
> ------------------------------------------------------