ipfw rules for all interfaces not working ...

[Gore Jarold]

My main goal is to lock down my ipfw rules so that
when I run nmap, all I see is:

Interesting ports on 192.168.0.10:
Not shown: 1677 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
MAC Address: 00:12:D8:A2:23:C2

Nmap finished: 1 IP address (1 host up) scanned in
9.791 seconds

So that means I will need to explicitly block all
ports except for the ones I have real servers running
on.

That's easy.

The problem is, this is a laptop and so sometimes iwi0
exists and sometimes it doesn't, and sometimes xl0
exists and sometimes it doesn't ... and that is why my
ipfw rules look like this:

00010     0        0 allow ip from any to any via lo0
00020     0        0 deny ip from any to 127.0.0.0/8
01000 18134 10505749 allow tcp from any to any
established
04000  1498    84280 allow icmp from any to any
04001    27     1728 allow tcp from any to any
dst-port 22 setup
04008     0        0 deny log logamount 100 ip from
any to any recv all
65535 15202  2569754 allow ip from any to any

See - in rule 04008, I say to deny "ip from any to any
recv all" - so that no matter what interface(s) I have
up, and no matter what their addresses are, this one
deny rule will apply to them.

THe problem is, it doesn't work.

As you can see, the counter on that rule is zero, and
when I nmap the system I can see things like samba and
http, etc., even though the only port I am allowing
through is TCP 22.

Why is this ?


     
____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping


      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping