Re: Firewall Rules OBSD 4.6



On 2010-10-09, <jch@xxxxxxxxxx> <jch@xxxxxxxxxx> wrote:
On Sat, 9 Oct 2010 06:23:35 UTC, <jch@xxxxxxxxxx> wrote:

[. . . . .]
As a final note, X Windows runs just fine with the default fvwm setup.

That is good news
_____
Yes. I even reused my root and user .fvwmrc files that
worked just fine.

Tonight I am going to retest the old OBSD 3.9 pf.conf file to see what
happens when I correct the "scrub" command.

More later should I get results.

_____
Good news,

I removed the offending "scrub" command, and put instead "match in all
scrub (no-df max-mss 1440)" to sanitise packets. Now the OBSD 4.6
firewall functions correctly using the ruleset I have been using since
I installed OBSD 3.9 on an old IBM 365 PC.

Great!

The "Shields Up" test from
www.grc.com reports full "stealth" on commonly used ports, but sees
_one_ closed port at number 68. I don't know if this presents a
problem or not. Does anybody know what that port is for?

Look in /etc/services. OpenBSD seems to have the most complete
version of any system which I have, and it says:

======================================================================
bootpc 68/tcp # BOOTP client
bootpc 68/udp
======================================================================

So the system could have used bootp to boot from another system running
the BOOTP server (port 67). The "pc" at the end of the name of the port
has nothing to do with the IBM/PC and later clones, but rather the "p"
is part of "bootp", and the 'c' is "client", while the server has an 's'
instead.

Since it is a client, not a server, and it is closed once the
boot is complete (maybe even during boot -- I don't know for sure) I
think that it is not a serious problem.

One of the benefits of using your Mac Mini is that it is not
running the most common CPU (Intel i386 family), so the most common
attacks would not run even if they found a way to inject code. Just why
I use an old UltraSPARC CPU as my firewall.

Tomorrow I shall run some download tests to see how fast this Mac Mini
is compared with the old IBM365 PC which has a 200 MHz CPU, 64 MB RAM,
two 10/100 PCI NICs. The Mini is probably overkill, but when I need to
do a video conference, faster is better.

And the question is "How fast is that USB-interfaced interface
compared to the other in real service?"

The speed of the service
provider's lines appears to be adequate for video with the old IBM 365
PC as firewall. It shall become a spare.

O.K.

Glad that you got it working.

Good Luck,
DoN.

--
Remove oil spill source from e-mail
Email: <BPdnicholsBP@xxxxxxxxxxx> | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
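The scrub change described in the thread, shown as an added example that is
not the poster's pf.conf: the OpenBSD 3.9-style scrub line sits beside the
4.6-style match rule that replaced it. The interface name, the DHCP client
rule and the block policy are assumptions made for the illustration, not
anything the thread states about the poster's firewall.

```pf
# Added example, not the poster's ruleset. Interface name is assumed.
ext_if = "ure0"

# OpenBSD 3.9 syntax: scrub was a standalone rule type. pfctl on 4.6
# rejects this line, which is the error the thread refers to.
#scrub in all no-df max-mss 1440

# OpenBSD 4.6 syntax: scrub is an option attached to a match rule.
match in all scrub (no-df max-mss 1440)

# Default-deny inbound. With block-policy "drop" a scanner sees no reply
# and reports the port as "stealth"; with "return" it gets a TCP RST (or
# ICMP unreachable) and reports the port as "closed".
set block-policy drop
block in log on $ext_if

# Assumption: the external address comes from DHCP. The server answers
# from udp/67 to the client's udp/68, so this is the one inbound hole a
# DHCP client needs; it is the port the thread is asking about.
pass in on $ext_if inet proto udp from port 67 to port 68

# Outbound traffic from the firewall itself, with state kept.
pass out on $ext_if keep state
```

Before loading a converted ruleset, parse it without installing it with
`pfctl -nf /etc/pf.conf`; a 3.9-style standalone scrub line is reported as a
syntax error at that step, while the match form parses cleanly. Load the
checked file with `pfctl -f /etc/pf.conf`.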