Re: PF default to deny

[Peter N. M. Hansteen]

Matt Juszczak <[EMAIL PROTECTED]> writes:

> 2) Is there a way to set pf to default to deny?  

"block all" as your first filtering rule, followed by explicit pass
rules for the stuff you want to pass.

I thought most of the howtoish docs out there recommended that approach,
but here at least is one that does - http://www.bgnett.no/~peter/pf/

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

PF default to deny

[Matt Juszczak]

hi all,

I have a firewall on my FreeBSD machine.  Someone must have taken it 
down for testing or something because I just checked today, and realized 
that it was disabled.


Checking the auth logs, attempts to login from overseas IP's, etc. have 
been occuring for at least a week.


Two quick questions:

1)  SSH, SMUX, CVSPSERVER, and MYSQL were open to the world for about a 
week. I've checked through the auth.log file, done a chkrootkit, 
checked lastlogin, etc nothing seems out of the ordinary other than 
unsuccessful attempts at random usernames, etc.  Does anyone have any 
other ideas on what I can check?


2) Is there a way to set pf to default to deny?  That way, if I disable 
it for testing, it wont kick my existing SSH session out (I'll have keep 
state set), but it will DENY any new connections.  I'd rather have to go 
to the colo place cause I messed up then get something hacked because I 
messed up.



Thanks!

-Matt
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"