newbie question
Chuck Swiger
cswiger at mac.com
Mon May 31 10:58:11 PDT 2004
El DaEm0n wrote:
> OK, my problem is that when I ran a port scan on my server from another PC, it
> revealed my open ports, so all I want is that when I run a port scan
> from another PC against my server, my IPFW shows the port scanner that my system
> appears down,

You probably want to use something like this, from "man ipfw":

     The typical use of dynamic rules is to keep a closed firewall configuration,
     but let the first TCP SYN packet from the inside network install a
     dynamic rule for the flow so that packets belonging to that session will
     be allowed through the firewall:

           ipfw add check-state
           ipfw add allow tcp from my-subnet to any setup keep-state
           ipfw add deny tcp from any to any

Going beyond these examples to a meaningful firewall configuration involves
thinking about your security policy, considering roles and required services,
etc....
--
-Chuck
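
The three rules quoted from the man page, modelled as an added example (not part of the original post and not ipfw's own code) to show which packets a closed, stateful ruleset lets through. The addresses, `MY_SUBNET`, and the `Firewall` class are constructed for illustration; the model leaves out dynamic-rule expiry and TCP state tracking.

```python
import ipaddress
from collections import namedtuple

# Constructed value standing in for "my-subnet" in the quoted rules.
MY_SUBNET = ipaddress.ip_network("192.168.1.0/24")
Packet = namedtuple("Packet", "src sport dst dport flags")


class Firewall:
    """Simplified model of check-state / keep-state / deny."""

    def __init__(self):
        self.dynamic = set()  # flows installed by keep-state

    @staticmethod
    def flow_key(p):
        # A dynamic rule matches both directions of a flow,
        # so the key ignores which endpoint is the sender.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def filter(self, p):
        # ipfw add check-state
        if self.flow_key(p) in self.dynamic:
            return "allow"
        # ipfw add allow tcp from my-subnet to any setup keep-state
        # "setup" matches TCP packets with SYN set and ACK clear.
        if (ipaddress.ip_address(p.src) in MY_SUBNET
                and "SYN" in p.flags and "ACK" not in p.flags):
            self.dynamic.add(self.flow_key(p))
            return "allow"
        # ipfw add deny tcp from any to any
        # deny discards the packet; no RST or ICMP error goes back.
        return "deny"


def demo():
    fw = Firewall()
    trace = [  # constructed packets
        Packet("203.0.113.9", 40000, "192.168.1.10", 22, {"SYN"}),          # outside SYN probe
        Packet("192.168.1.10", 50000, "198.51.100.5", 80, {"SYN"}),         # inside host connects out
        Packet("198.51.100.5", 80, "192.168.1.10", 50000, {"SYN", "ACK"}),  # reply on that flow
        Packet("192.168.1.10", 50000, "198.51.100.5", 80, {"ACK"}),         # rest of the session
        Packet("203.0.113.9", 40001, "192.168.1.10", 80, {"ACK"}),          # stray ACK, no state
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    print(demo())
```

Only the flow opened from inside the subnet is allowed in both directions; every unsolicited TCP packet from outside falls through to the final deny rule and is discarded.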