Are 4 IPFW rules enough?
Bill Moran
wmoran at potentialtech.com
Wed Jun 16 04:21:51 PDT 2004
Kevin Curran <kevin at curranfamilynet.net> wrote:
> I have a cable modem and I'm using 4.9 as a NAT router for my home
> network. I have 4 rules in my ipfw config. The first enables NAT and
> the last is 65000 allow any to any.
>
> In between I have 2 rules to deny access to ports 53 and 110 on the
> Internet side. That's all.
>
> Here's my thinking: I use inetd.conf to enable only the services I want,
> therefore the ports on which those services are listening I would want
> open. The two other ports I want to filter on the WAN side are filtered
> by the rules above. All the other ports are closed, anyway, so why
> spend time debugging an elaborate rule set?
Check the output of "sockstat -4" to ensure that you don't have anything running
that you aren't aware of ... syslogd is a typical culprit. You'll probably
have to add syslogd_flags="-ss" to /etc/rc.conf.
Otherwise, you're probably good, except that there are some spoofing techniques
that may be able to get around such a ruleset. That's beyond my expertise,
however.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
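Added example, not code from either poster: a small sh/awk check that runs over the "sockstat -4" output Bill recommends reviewing and flags every listening socket whose proto/port is not in the set you meant to expose through inetd.conf. The sockstat sample below is constructed, and ALLOWED (tcp4/22 and tcp4/110) is an assumed list for the example.

```sh
#!/bin/sh
# Audit "sockstat -4" output for listeners you did not intend to expose.
# Runs offline on a constructed sample; on a real host pipe sockstat -4 in.

# Constructed sample in the column layout of "sockstat -4" (not a real capture).
SOCKSTAT_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       312   4  tcp4   *:22                  *:*
root     syslogd    201   5  udp4   *:514                 *:*
root     inetd      280   6  tcp4   *:110                 *:*
root     named      299   20 tcp4   192.168.1.1:53        *:*
root     named      299   21 udp4   *:53                  *:*
kevin    fetch      350   3  tcp4   192.168.1.1:4231      1.2.3.4:80'

# Assumed list of proto/port pairs you deliberately serve (what inetd.conf enables).
ALLOWED="tcp4/22 tcp4/110"

# audit_listeners ALLOWED: reads sockstat output on stdin and prints
# "COMMAND PROTO PORT" for each listening socket (foreign address "*:*")
# whose proto/port is not in ALLOWED. Established connections are skipped.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1     { next }          # column header line
        $7 != "*:*" { next }          # connected socket, not a listener
        {
            port = $6; sub(/.*:/, "", port)   # strip "addr:" from LOCAL ADDRESS
            key = $5 "/" port
            if (!(key in ok)) print $2, $5, port
        }'
}

# unexpected_count: how many listeners the sample flags. Here syslogd/514 and
# named on tcp and udp 53 are reported (3); a syslogd hit is the case for
# syslogd_flags="-ss" in /etc/rc.conf.
unexpected_count() {
    printf '%s\n' "$SOCKSTAT_SAMPLE" | audit_listeners "$ALLOWED" | wc -l | tr -d ' '
}

printf '%s\n' "$SOCKSTAT_SAMPLE" | audit_listeners "$ALLOWED"
```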