OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Colin Faber (cfaberfpsn.net)
Date: Mon Jul 01 2002 - 19:52:29 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Do you have a rule in place which precludes 550 ?

    nascar24 wrote:
    >
    > What I mean is that I want to grand acces to the internet. But only to ports
    > I 'trust', like 80,21,22 etc. But when I make a rule like:
    >
    > add 550 allow ip from me to any 80,21,22
    >
    > I cannot acces a website, that puzzles me.
    >
    > > On Mon, Jul 01, 2002 at 15:57 +0200, nascar24 wrote:
    > > >
    > > > I've been using the IPFW for some time now but I have one problem. I
    > have
    > > > closed my firewall (I guess) from attacks from the outside world. But I
    > am
    > > > open to attacks from within, i.e: trojan horses etc.
    > > >
    > > > Here is my rc.firewall.rules file. I think it is in rule 500 & 550. But
    > if I
    > > > change them to 21,22,80,8080 I cannot connect to any websites or FTP
    > sites.
    > > >
    > > > [ filter rule set snipped ]
    > > >
    > > > I hope you can help, thanks in advance.
    > >
    > > What exactly is your question?
    > >
    > > If you want to "less trust the inside", close the inner interface
    > > as much as you did with the outside.
    > >
    > > If you are looking for hints on how to generally improve your
    > > filter rules I strongly suggest you have a look at the ipfilter
    > > HowTo -- even if you don't use ipf: this document talks about
    > > the basics, too, plus derives / designes a rule set from bottom
    > > up. Visit www.ipfilter.org or look at the misc/26763 PR (Cyrille
    > > Lefevre, "installing ipfilter sample files to share/examples").
    > >
    > >
    > > virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
    > > Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittiggmx.net
    > > --
    > > If you don't understand or are scared by any of the above
    > > ask your parents or an adult to help you.
    > >
    > > To Unsubscribe: send mail to majordomoFreeBSD.org
    > > with "unsubscribe freebsd-security" in the body of the message
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message 

    -- 
Colin Faber
(303) 736-5160
fpsn.net, Inc.

    To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message