Re: Configuring PF

From: Loren M. Lang (lorenl_at_alzatex.com)
Date: 02/20/05

    Date: Sun, 20 Feb 2005 06:23:39 -0800
    To: Pat Maddox <pergesu@gmail.com>

    On Mon, Feb 14, 2005 at 09:32:25PM -0700, Pat Maddox wrote:
    > I want to install a firewall on my system. First of all, is PF the
    > one I should be using? It seems to get the most recommendations.
    >
    > I don't actually seem to have any problems configuring it - I just
    > have some problems testing the configuration. I can ssh to the box,
    > and I can access port 80...but I'd like to be able to just scan it to
    > quickly see what's up. When PF is disabled, I can nmap it in about 9
    > seconds. When I turn it on, it takes over 3 minutes to do. These
    > machines are on the same network, so the connection is obviously fast.

    This is a good thing, IMHO. Think about all those script kiddies
    sitting out there looking for a nice, juicy server to compromise. If it
    takes them 3 minutes to port scan your machine, they'll probably cancel
    it before it's finished and move on.

    I believe what's happening is that all ports that aren't open are
    configured to drop packets instead of rejecting them, as is the default.
    Reject means send back an error message saying the port is closed,
    whereas dropping just ignores it. The port scanner sends out a request
    and waits for a response, either "Hello," or "Sorry, I'm closed." It
    will wait quite a while before it decides that nothing's there.

    >
    > Are there any good, pretty simple guides on setting up PF? I'm having
    > a tough time understanding what the rulesets all mean.
    > _______________________________________________
    > freebsd-questions@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

    -- 
    I sense much NT in you.
    NT leads to Bluescreen.
    Bluescreen leads to downtime.
    Downtime leads to suffering.
    NT is the path to the darkside.
    Powerful Unix is.
    Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
    Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C
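The drop-versus-return behaviour described in the reply above, shown as a PF ruleset. This is an added example, not code from the original post or from either poster; the interface name, the LAN prefix and the service list are assumptions chosen for illustration.

```pf
# /etc/pf.conf -- added example, not from the original thread.
# "em0" and 192.168.0.0/24 are placeholders; substitute your own.
ext_if = "em0"
tcp_services = "{ ssh, http }"

# Default for every "block" rule that does not say otherwise.
# drop:   silently discard the packet. A scanner gets no answer and must
#         sit out its own timeout on every unused port (the slow scan).
# return: answer with a TCP RST (ICMP unreachable for UDP). The scanner
#         learns "closed" at once and finishes in seconds.
set block-policy drop

# Drop unused ports from everywhere, but answer the LAN with RSTs so
# scans from inside (your own testing) stay fast. PF uses the LAST
# matching rule, so the narrower "block return" overrides the first.
block in on $ext_if
block return in on $ext_if from 192.168.0.0/24

# Only the services actually offered, with state so replies flow back.
pass in on $ext_if proto tcp to ($ext_if) port $tcp_services keep state
pass out on $ext_if keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. To see which policy a scan is hitting, run `nmap --reason` against the box: ports answered with a RST are reported as closed (reason "reset"), ports that are silently dropped as filtered (reason "no-response"), and it is the filtered ones that account for the three-minute scan. Note that dropping hides nothing about the ports that are open; those still answer, so the only thing drop buys you is the scanner's wasted time.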