Getting port scans while I would think that the system that is scanned is not reachable because of my pf rules
From: forums (forum vanleeuwen.nl)
Date: Mon Feb 07 2005 - 02:58:54 CST
Hello,
I have the following situation: OpenBSD 3.6 is my Front-Firewall; the NIC on
the Internet side is FXP0.
On the inside I have a NIC called XL0, which is connected to a Back-Firewall
(cross cable).
I only want traffic going to the Internet if it was set up/requested by the
Back-Firewall first (stateful, of course).
Back-Firewall <---> XL0 OpenBSD3.6 FXP0 ----> Internet
So, I have this:
# pfctl -s rules
scrub in all fragment reassemble
block drop in all
block drop out all
block return-rst in on fxp0 inet proto tcp from any to any port = auth
pass in on xl0 inet from <ip back firewall> to any
pass out on xl0 inet from any to <ip back firewall>
pass out on fxp0 proto tcp all flags S/SA modulate state
pass out on fxp0 proto udp all keep state
pass out on fxp0 proto icmp all keep state
Now, my Back-Firewall still tells me that it is getting port scans from the
Internet, but I would think the system would not be reachable at all, because
I block everything in that direction unless it was set up first?
Both systems do have an Internet IP address, divided by subnetting. So there
is no NAT being done.
What am I missing here? Why do port scans still reach my internal firewall?
Regards,
Willem
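As an added illustration (not part of Willem's post or of any reply on the list), here is a small Python model of how pf evaluates the rule set he pasted: last matching rule wins, an existing state entry is consulted before the rules, and a `keep state`/`modulate state` pass rule creates a floating state that matches the reply on any interface. The model deliberately ignores `scrub`, the `inet` address-family keyword and `quick`; the addresses (`BACK_FW`, the scanner, the web server) are constructed RFC 5737 documentation addresses standing in for `<ip back firewall>` and the rest. Running it shows that, as transcribed, the rule set gives an unsolicited SYN arriving on fxp0 for the Back-Firewall the verdict `block drop` (or `block return-rst` for port auth), while a connection initiated from behind xl0 creates state on fxp0 and its reply is passed by that state rather than by any rule.

```python
"""Simplified model of pf rule evaluation: last matching rule wins, an
existing state short-circuits the rule set, and 'keep state'/'modulate
state' on a pass rule creates a floating state matching both directions
on any interface. scrub, 'inet' and 'quick' are ignored.
Added example; not part of the original post."""
from dataclasses import dataclass
from typing import Optional

BACK_FW = "203.0.113.2"  # constructed stand-in for <ip back firewall>
AUTH_PORT = 113          # 'auth' (ident) in /etc/services


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str   # "in" or "out"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags present, e.g. "S" or "SA"


@dataclass(frozen=True)
class Rule:
    action: str                  # "block drop", "block return-rst", "pass"
    direction: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    flags: Optional[str] = None  # "S/SA": flags that must be set / flags examined
    keep_state: bool = False

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction:
            return False
        if self.iface and self.iface != p.iface:
            return False
        if self.proto and self.proto != p.proto:
            return False
        if self.src and self.src != p.src:
            return False
        if self.dst and self.dst != p.dst:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.flags:
            want, mask = self.flags.split("/")
            for f in mask:  # every examined flag must agree with 'want'
                if (f in p.flags) != (f in want):
                    return False
        return True


# The rule set from the post, transcribed from 'pfctl -s rules'
RULES = [
    Rule("block drop", "in"),
    Rule("block drop", "out"),
    Rule("block return-rst", "in", iface="fxp0", proto="tcp", dport=AUTH_PORT),
    Rule("pass", "in", iface="xl0", src=BACK_FW),
    Rule("pass", "out", iface="xl0", dst=BACK_FW),
    Rule("pass", "out", iface="fxp0", proto="tcp", flags="S/SA", keep_state=True),
    Rule("pass", "out", iface="fxp0", proto="udp", keep_state=True),
    Rule("pass", "out", iface="fxp0", proto="icmp", keep_state=True),
]


class Pf:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # floating 5-tuples, stored for both directions

    def filter(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.states:
            return "pass (state)"
        verdict = None
        for r in self.rules:  # last matching rule wins (no 'quick' anywhere)
            if r.matches(p):
                verdict = r
        if verdict is None:
            return "pass (default)"  # pf passes packets no rule matches
        if verdict.action == "pass" and verdict.keep_state:
            self.states.add(key)
            self.states.add((p.proto, p.dst, p.dport, p.src, p.sport))
        return verdict.action


def trace() -> dict:
    """Run constructed packets through the rule set in the order the
    firewall would see them and return each verdict by name."""
    pf = Pf(RULES)
    scanner, web = "198.51.100.7", "192.0.2.10"  # constructed addresses
    return {
        # unsolicited SYN from the Internet aimed at the Back-Firewall
        "scan_in_fxp0": pf.filter(Packet("fxp0", "in", "tcp", scanner, 40000, BACK_FW, 22, "S")),
        # same, but to port auth: the explicit return-rst rule is the last match
        "ident_in_fxp0": pf.filter(Packet("fxp0", "in", "tcp", scanner, 40001, BACK_FW, AUTH_PORT, "S")),
        # connection initiated behind the Back-Firewall: in on xl0, out on fxp0
        "backfw_in_xl0": pf.filter(Packet("xl0", "in", "tcp", BACK_FW, 50000, web, 80, "S")),
        "backfw_out_fxp0": pf.filter(Packet("fxp0", "out", "tcp", BACK_FW, 50000, web, 80, "S")),
        # the SYN/ACK reply matches the state created on fxp0; no rule is consulted
        "reply_in_fxp0": pf.filter(Packet("fxp0", "in", "tcp", web, 80, BACK_FW, 50000, "SA")),
        "reply_out_xl0": pf.filter(Packet("xl0", "out", "tcp", web, 80, BACK_FW, 50000, "SA")),
    }


if __name__ == "__main__":
    for name, verdict in trace().items():
        print(f"{name:16} {verdict}")
```

The model only says what the transcribed rules do to the packets fed in; it does not explain what Willem's Back-Firewall is logging, and a real diagnosis would start from `pfctl -s state` and a packet capture on xl0 while a scan is reported. It is useful mainly for checking, before touching a live ruleset, that a given direction/interface combination really has no pass rule after `block drop in all`.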