List!

I am setting up a 'closed' firewall and configured the rules below:

net.inet.ip.fw.one_pass: 0

# ipfw list
00100 check-state
00200 allow ip from any to any via lo0
00300 deny ip from any to 127.0.0.0/8
00400 deny ip from 127.0.0.0/8 to any
00500 reset log tcp from any to any tcpflags syn,fin
00600 reset log tcp from any to any tcpflags syn,rst
00700 unreach filter-prohib log icmp from any to any frag
00800 unreach filter-prohib log icmp from any to any iplen 512-65535
00900 allow icmp from any to any
01000 unreach filter-prohib log ip from any to any dst-port 135,137,138,139,445 in via em0
01100 unreach filter-prohib log tcp from any to any ipoptions ssrr,lsrr,rr in via em0
01200 deny log udp from any 5678 to any dst-port 5678 in via em0
01300 allow tcp from table(1) to any dst-port 22 setup keep-state
...
65534 deny log ip from any to any
#

Any tips on what else I can implement?

Regards,
Daniel 

