*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
11-05-2004, 07:14 PM
#1
Member
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206
freebsd +firewall +newb
The Linux firewall I use for Slackware is a simple install and it "stealths" or blocks all ports when I test it on http://www.hackerwatch.org/probe/.
The FreeBSD firewall ipf that I've been trying to configure does not want to do this for me. The test says all ports are closed but they are not blocked.
Should I be concerned?
Would anyone be nice enough to post some generic rules for the ipf rules file that would be fine for a desktop that is on a cable modem that is always connected to the net? I need to be able to play games online with it as well. Thx in advance.
11-06-2004, 10:50 AM
#2
Member
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206
Original Poster
OK, so now I went with IPFW and that stealths the open ports, but now I cannot access some sites or use xqf to connect to master servers unless I disable the firewall. I am using the config for ipfw.rules provided in the FreeBSD docs.
Better than nothing I suppose, but I would like to use xqf+stat to query servers and play online and be somewhat protected. Anyone have some sample ipfw.rules that might be useful here?
Thx in advance.
11-07-2004, 11:10 AM
#3
LQ Newbie
Registered: Jun 2004
Posts: 14
What exactly are you trying to do, secure your computer by closing ports or make the computer look like it's not even there by not even sending a Port Unreachable? In my opinion they are both equally secure since preventing a Port Unreachable reply won't fool anyone knowing what they are doing.
11-07-2004, 01:05 PM
#4
Member
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206
Original Poster
Yes, that's more or less what I wanted to know: whether a port being stealthed or a port simply being closed made much of a difference.
All I'm trying to do is run a desktop firewalled that allows XQF and games like Quake to be playable over the net. I've pretty much done that now but in order to use XQF I must UNcomment out this line:
# No restrictions on Inside Lan Interface for private network
# Not needed unless you have Lan.
# Change xl0 to your Lan Nic card interface name
#################################################################
$cmd 00005 allow all from any to any via dc0
Is that unwise or does it really matter for Joe desktop?
Last edited by mortal; 11-07-2004 at 01:07 PM.
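Added example, not part of the thread or of the FreeBSD docs: on a desktop whose only NIC is dc0, rule 00005 above accepts every packet on that interface before any later rule is consulted, whereas a stateful ruleset lets outbound queries and their replies through without it. The sketch also shows the "stealthed" versus "closed" choice as the final action for unsolicited inbound packets. The function name, rule numbers other than the thread's and the stealth/closed switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stateful ipfw rules for a single-NIC desktop.
# Assumptions: interface dc0 (from the thread); rule numbers chosen for illustration.
# The function only prints the ipfw commands so they can be reviewed first.
# To load them (as root):  desktop_rules dc0 stealth | sh

desktop_rules() {
    pif="${1:-dc0}"        # interface facing the cable modem
    mode="${2:-stealth}"   # stealth = silent drop, closed = answer with RST / port unreachable
    cmd="ipfw -q add"

    case "$mode" in
        stealth|closed) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac

    echo "ipfw -q -f flush"
    # Loopback traffic never leaves the host; local programs depend on it.
    echo "$cmd 00010 allow all from any to any via lo0"
    # Replies to connections this host opened match a dynamic rule here.
    echo "$cmd 00020 check-state"
    # Outbound only: keep-state creates the dynamic rule that admits the replies,
    # so no blanket "allow all ... via $pif" is needed for game server queries.
    echo "$cmd 00100 allow tcp from me to any out via $pif setup keep-state"
    echo "$cmd 00110 allow udp from me to any out via $pif keep-state"
    echo "$cmd 00120 allow icmp from me to any out via $pif keep-state"
    if [ "$mode" = "closed" ]; then
        # "Closed": tell the sender nothing is listening.
        echo "$cmd 00900 reset tcp from any to me in via $pif"
        echo "$cmd 00910 unreach port udp from any to me in via $pif"
    fi
    # "Stealthed": everything not matched above is dropped without a reply.
    echo "$cmd 00999 deny all from any to any"
}
```

Either mode refuses unsolicited inbound traffic; the difference is only whether the sender receives an answer.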
11-07-2004, 04:26 PM
#5
LQ Newbie
Registered: Jun 2004
Posts: 14
Sorry, don't know anything about ipf or ipfw but from what I gather from the comments the script/ruleset you are using is most likely made for a router and not for a desktop. You might want to look at some other script/ruleset designed with desktops in mind, those are often more simple than those for routers.
This one might be what you want: http://ed.asisaid.com/cugbsd1.html
11-07-2004, 05:55 PM
#6
Member
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206
Original Poster
Thanks for that link.
You are right, I think, about the router. It never occurred to me because I have little experience with FreeBSD. But I'm learning.
The rules posted at that link are for dial-up, so as I am on cable, what would I have to change in those rules besides the lo0 part?
11-07-2004, 11:29 PM
#7
LQ Newbie
Registered: Jun 2004
Posts: 14
The lo0-parts should be kept as they are since they concern the loopback-interface and some programs might behave funny if you don't set it up correctly.
This script does not mention any specific interface to use which is good if you only have one. Funny thing is though that I believe that you can remove the three lines concerning lo0 since the three lines below will work for them too, but I'm not sure so it might be a good idea to keep them.
11-08-2004, 10:14 AM
#8
Member
Registered: Mar 2004
Location: Soviet Kanuckistan
Distribution: Slackware 12.2
Posts: 206
Original Poster
Thanks man!
Everything seems to work well enough.