Firewall and nmap

Mark Frasa bsd at frasa.net
Wed Oct 27 02:34:31 PDT 2004 

On 2004.10.27 11:26:00 +0000, Florian Hengstberger wrote:
> Hi!
> 
> I'm compiled a Kernel using the GENERIC config-file that
> comes with the default 5.2.1 installation adding support
> for ipfw.
> I tried to scan my computer with a linux machine running nmap,
> but nmap tells me that the host seems to be down altough I was able
> to ping the freebsd-host.
> So I flushed all rools for the firewall with ipfw flush (the still
> existing default rule enables all trafic because I compiled this in
> my kernel, ipfw -c list told me that this is true.)
> Anyway, nothing changes, all ports seem to be closed running nmap,
> pings are successfull again!
> 
> 1) What's wrong with my configuration?

Don't know yet, but what does ipfw show says? Maybe it enabled the /etc/rc.firewall?

> 2) I've tried to add all kernel options to this mail using the online
> handbook from www.freeebsd.org. I realized that the firewall section
> covers now the OpenBSD filter pf. WhatŽs the state of the art?
> How do I enable pf under 5.2.1 - package or port?

To enable PF put in your firewall:

options         IPFILTER                #ipfilter support

These can be put optionally:
options         IPFILTER_LOG            #ipfilter logging   
options         IPFILTER_DEFAULT_BLOCK  #block all packets by default

I don't think you want the last one yet, so first comment it out.

> 3) Is there something similar like nmap or is there a BSD-network scanner,
> which usage is recommended?

Dunno, i use nmap on my boxes as well. Works great.

> 
> Thanks in advance,
> Florian
> 

Your welcome.

Mark.

> ------------------------------------------------------
> Florian Hengstberger
> e0025265 at student.tuwien.ac.at
> http://stud3.tuwien.ac.at/~e0025265
> ------------------------------------------------------
> 
> 
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list