LinuxQuestions.org
Old 11-05-2004, 07:14 PM   #1
mortal
Member
 
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206

Rep: Reputation: 30
freebsd +firewall +newb


The Linux firewall I use for Slackware is a simple install and it "stealths" or blocks all ports when I test it on http://www.hackerwatch.org/probe/.

The FreeBSD firewall ipf that I've been trying to configure does not want to do this for me. The test says all ports are closed but they are not blocked.

Should I be concerned?

Would anyone be nice enough to post some generic rules for the ipf rules file that would be fine for a desktop that is on a cable modem that is always connected to the net. I need to be able to play games online with it as well. Thx in advance.
 
Old 11-06-2004, 10:50 AM   #2
mortal
Member
 
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206

Original Poster
Rep: Reputation: 30
OK, so now I went with IPFW and that stealths the open ports, but now I can not access some sites or use xqf to connect to master servers - unless I disable the firewall. I am using the config for ipfw.rules provided in the FreeBSD docs.

Better than nothing I suppose, but I would like to use xqf+stat to query servers and play online and be somewhat protected. Anyone have some sample ipfw.rules that might be useful here?

Thx in advance.
 
Old 11-07-2004, 11:10 AM   #3
Yorthen
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Rep: Reputation: 0
What exactly are you trying to do, secure your computer by closing ports or make the computer look like it's not even there by not even sending a Port Unreachable? In my opinion they are both equally secure since preventing a Port Unreachable reply won't fool anyone knowing what they are doing.
 
Old 11-07-2004, 01:05 PM   #4
mortal
Member
 
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206

Original Poster
Rep: Reputation: 30
Yes, that's more or less what I wanted to know. Whether a port being stealthed or a port simply being closed made much of a difference.

All I'm trying to do is run a desktop firewalled that allows XQF and games like Quake to be playable over the net.I've pretty much done that now but in order to use XQF I must UNcomment out this line:


# No restrictions on Inside Lan Interface for private network
# Not needed unless you have Lan.
# Change xl0 to your Lan Nic card interface name
#################################################################

$cmd 00005 allow all from any to any via dc0


Is that unwise or does it really matter for Joe desktop?

Last edited by mortal; 11-07-2004 at 01:07 PM.
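
Added example, not part of any post in this thread: ipfw acts on the first matching rule, so rule 00005 above accepts every packet crossing dc0 before any later deny rule is consulted, which on a desktop whose only network card is dc0 leaves nothing filtered. The script below prints a stateful alternative and flags rules of that wide-open form; the function names, the rule numbers and the assumption that dc0 is the single external interface are illustrative and do not come from the posts.

```shell
#!/bin/sh
# Added example: nothing here touches the kernel; it only prints and checks rules.
# Assumption: one external interface (dc0 in the post); pass another name as $1.

# Print a stateful desktop ruleset as ipfw commands.
desktop_rules() {
    oif="${1:-dc0}"
    cmd="ipfw -q add"
    cat <<EOF
ipfw -q -f flush
# Loopback stays unrestricted; local programs depend on it.
$cmd 00010 allow all from any to any via lo0
# Replies to connections this host started match a dynamic rule here.
$cmd 00015 check-state
# Outbound traffic creates those dynamic rules; Quake-style game traffic is UDP.
$cmd 00100 allow tcp from any to any out via $oif setup keep-state
$cmd 00110 allow udp from any to any out via $oif keep-state
$cmd 00120 allow icmp from any to any out via $oif keep-state
# Everything else is dropped silently ("stealth"). Using "reset" for tcp
# instead answers with an RST, which a probe reports as "closed".
$cmd 00999 deny all from any to any
EOF
}

# Read rules on stdin and print those that pass all traffic, both directions,
# on interface $1 (the form of rule 00005 in the post). Comment lines are skipped.
wide_open_rules() {
    grep -v '^[[:space:]]*#' |
        grep -E "allow (all|ip) from any to any via $1( |\$)" || true
}

# Stand-alone run: show the generated ruleset for the interface given as $1.
desktop_rules "${1:-dc0}"
```

Feeding an existing ipfw.rules file to `wide_open_rules dc0` on stdin lists any active rule that bypasses filtering on that interface; an empty result means none was found.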
 
Old 11-07-2004, 04:26 PM   #5
Yorthen
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Rep: Reputation: 0
Sorry, don't know anything about ipf or ipfw but from what I gather from the comments the script/ruleset you are using is most likely made for a router and not for a desktop. You might want to look at some other script/ruleset designed with desktops in mind, those are often more simple than those for routers.

This one might be what you want: http://ed.asisaid.com/cugbsd1.html
 
Old 11-07-2004, 05:55 PM   #6
mortal
Member
 
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206

Original Poster
Rep: Reputation: 30
Thanks for that link.
You are right, I think, about the router. It never occurred to me because I have little experience with FreeBSD. But I'm learning.
The rules posted at that link are for dial-up, so as I am on cable what would I have to change in those rules besides the lo0 part?
 
Old 11-07-2004, 11:29 PM   #7
Yorthen
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Rep: Reputation: 0
The lo0-parts should be kept as they are since they concern the loopback-interface and some programs might behave funny if you don't set it up correctly.

This script does not mention any specific interface to use which is good if you only have one. Funny thing is though that I believe that you can remove the three lines concerning lo0 since the three lines below will work for them too, but I'm not sure so it might be a good idea to keep them.
 
Old 11-08-2004, 10:14 AM   #8
mortal
Member
 
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206

Original Poster
Rep: Reputation: 30
Thanks man!
Everything seems to work well enough.
 
  


All times are GMT -5. The time now is 05:21 AM.
