IPFilter and Nmap
Toan Hoang
ignorabimus2002 at hotmail.com
Wed Sep 24 06:06:14 PDT 2003
>From: Mark Woodson <mwoodson at sricrm.com>
>It's IPFILTER_DEFAULT_BLOCK.
>
>less /usr/src/sys/i386/conf/LINT | grep IPFILTER
>
>That will list out the kernel options with IPFILTER in the line.
Yes, seems ok there...
>Unless the box will not connect with anything, you'll want to at the
>very least add
>
>pass out all on dc0 keep state
added that line, and changed to fxp0 and added
pass in quick on fxp0 proto udp from x.x.x.x/32 to any port = 38 keep state
>
>You didn't mention rc.conf
>
>ipfilter_enable="YES"
>ipmon_enable="YES"
yes, got that enabled
and also got:
ipmon_flags="-Dsvn"
ipnat_enable="YES"
But does anybody know why so many ports are reported as open when I
scan my FreeBSD with Nmap?
Toan