> block drop out quick on em0 proto tcp from any to any port = ssh [
> Evaluations: 437 Packets: 0 Bytes: 0 States: 0 ]
>
> block drop out quick on em0 proto udp from any to any port = ssh [
> Evaluations: 1505 Packets: 0 Bytes: 0 States: 0 ]
>
> My 5.3 server (the oldest I have at this location) used to
> show these blocked packets in the log but now doesn't and my
> 5.4 machines never have.
> I only see them on the daily security run.
>
> My question is, are my servers compromised or am I misreading
> the run output? I find it hard to believe that they are
> compromised simply because the latest server I set up, every
> file system is mounted read only yet I still have this
> output. As you can imagine I'm pretty nervous about this and
> any help would be awesome!
Yes, RTFMP, with a default policy of block, there is no need for specific rules to stop things like outbound ssh traffic. Logging will tell you the rest.

Greg
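In the per-rule statistics quoted above, `Evaluations` counts how often a rule was checked and `Packets` how many packets it actually matched. The following is an added example, not part of the thread: a small filter that lists only rules with a non-zero `Packets` counter. The function names and the third sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `pfctl -vsr`-style text on stdin and prints
# "<packets> <rule>" for every rule that matched at least one packet.
matched_rules() {
    awk '
        # Counter line: pick out the value that follows "Packets:".
        /Evaluations:/ {
            pk = 0
            for (i = 1; i < NF; i++)
                if ($i == "Packets:") pk = $(i + 1)
            if (pk + 0 > 0) print pk, rule
            next
        }
        # Unindented, non-bracket line: this is the rule text itself.
        !/^[ \t]/ && substr($0, 1, 1) != "[" && NF {
            rule = $0
            # Mail wrapping can leave the opening "[" on the rule line.
            sub(/[ \t]*\[[ \t]*$/, "", rule)
        }
    '
}

# Constructed sample: the two rules quoted in the thread (one in the
# mail-wrapped form, one in the usual indented form) plus one
# hypothetical rule with a non-zero counter.
sample_output() {
    cat <<'EOF'
block drop out quick on em0 proto tcp from any to any port = ssh [
Evaluations: 437 Packets: 0 Bytes: 0 States: 0 ]
block drop out quick on em0 proto udp from any to any port = ssh
  [ Evaluations: 1505      Packets: 0         Bytes: 0           States: 0     ]
block drop in log on em0 proto tcp from any to any port = telnet
  [ Evaluations: 900       Packets: 12        Bytes: 720         States: 0     ]
EOF
}

# On a live host the input would come from: pfctl -vsr | matched_rules
sample_output | matched_rules
```

Neither ssh rule from the thread appears in the result, because both show `Packets: 0`.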
