Firewall and nmap

From: Florian Hengstberger (e0025265_at_student.tuwien.ac.at)
Date: 10/27/04

  • Next message: Ted Mittelstaedt: "RE: GPL vs BSD Licence" 
    Date: Wed, 27 Oct 2004 11:26:00 +0200
To: "FreeBSD mailinglist" <freebsd-questions@freebsd.org>

    Hi!

    I'm compiled a Kernel using the GENERIC config-file that
    comes with the default 5.2.1 installation adding support
    for ipfw.
    I tried to scan my computer with a linux machine running nmap,
    but nmap tells me that the host seems to be down altough I was able
    to ping the freebsd-host.
    So I flushed all rools for the firewall with ipfw flush (the still
    existing default rule enables all trafic because I compiled this in
    my kernel, ipfw -c list told me that this is true.)
    Anyway, nothing changes, all ports seem to be closed running nmap,
    pings are successfull again!

    1) What's wrong with my configuration?
    2) I've tried to add all kernel options to this mail using the online
    handbook from www.freeebsd.org. I realized that the firewall section
    covers now the OpenBSD filter pf. What´s the state of the art?
    How do I enable pf under 5.2.1 - package or port?
    3) Is there something similar like nmap or is there a BSD-network scanner,
    which usage is recommended?

    Thanks in advance,
    Florian

    ------------------------------------------------------
    Florian Hengstberger
    e0025265@student.tuwien.ac.at
    http://stud3.tuwien.ac.at/~e0025265
    ------------------------------------------------------

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

  • Next message: Ted Mittelstaedt: "RE: GPL vs BSD Licence"

    Relevant Pages

    • Re: Firewall and nmap
      ... On 2004.10.27 11:26:00 +0000, Florian Hengstberger wrote: ... > So I flushed all rools for the firewall with ipfw flush (the still ... > Anyway, nothing changes, all ports seem to be closed running nmap, ...
      (freebsd-questions)
    • Re: FreeBSD Gateway problems
      ... >speed connection for 3 years now, and I've just gotten it back. ... >Well all these other How-Tos I found on FreeBSDDiary.org told me all I needed ... To use ipfw adding these options to your kernel is a good place to start: ...
      (freebsd-questions)
    • Re: natd -redirect_port
      ... > into the kernel. ... > IPFW is delivered as an bootable module. ... > You need this in rc.conf to enable ipfw, ...
      (freebsd-questions)
    • Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)
      ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags. ... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ...
      (freebsd-current)
    • Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)
      ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags. ... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ...
      (freebsd-isp)