On Wed, 4 Aug 2004 [EMAIL PROTECTED] wrote:
 > Message: 11

 > > Giorgos Keramidas wrote: 
 > > Show us the full ruleset.  Otherwise we're just guessing...
 > > 
 > My apologies, below is my complete ruleset:


 > #* Deny ident *#
 > $CMD 00315 deny tcp from any to any in via $IFN

I think perhaps you meant:

  $CMD 00315 deny tcp from any to any 113 in via $IFN

as yours denied all remaining TCP, making some rules below irrelevant,
including allows for www, ssh etc if you ever wanted to enable these.

You'd also likely do better using reset rather than deny - assuming this
rule really was meant to block ident - to avoid timeout delays on mail. 

 > #* Deny all Netbios service. 137=name, 138=datagram, 139=session *#
 > #* Netbios is MS/Windows sharing services. *#
 > #* Block MS/Windows hosts2 name server requests 81 *#
 > $CMD 00320 deny tcp from any to any 137 in via $IFN
 > $CMD 00321 deny tcp from any to any 138 in via $IFN
 > $CMD 00322 deny tcp from any to any 139 in via $IFN
 > $CMD 00323 deny tcp from any to any 81 in via $IFN

None of these or any other tcp .. in via $IFN rules below are ever seen.

 > #* Deny ACK packets that did not match the dynamic rule table *#
 > $CMD 00332 deny tcp from any to any established in via $IFN

That rule is also not seen ..

 > #* Reject & Log all incoming connections from the outside *#
 > $CMD 00499 deny log all from any to any in via $IFN

.. nor that one, for TCP packets ..

 > My basis for my rulesets are taken from:
 > http://freebsd.a1poweruser.com:6088/FBSD_firewall/

Cheers, Ian

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to