Hello,

The rules you wrote for Nmap are unnecessary. If you put scrub in all at the top of your rules, it takes the place of everything you wrote there.

In addition, your open ports will always appear open to Nmap, because your ports are open and are serving to the outside. You can only block Nmap with an IPS-like system (one that can recognize port scans).

Having your open ports visible from the outside is not something to be too worried about*; what matters is that the software serving on those ports is secure.


*You cannot prevent someone who is determined and has sufficient knowledge from finding your open ports.


Sinan wrote:
Sir, my pf.conf is as below. I removed proftpd from the system; I will send my files over ssh. Right now the only thing I want is for nmap not to work, so that the ports on the system cannot be scanned. I wrote the rules below for that, but when we run "nmap -sT -O -P0 10.0.0.20" it still shows the open ports. What do you think is missing in these rules, and what do I need to add so that the ports do not show up in nmap? Regards, sir...
*****************************
ext_if="le0"
ext_ip="{ 10.0.0.19, 10.0.0.20 }"


scrub in all
pass quick on lo0 keep state
pass in quick on $ext_if inet proto tcp from any to $ext_ip port {22, 80} keep state flags S/SA
pass in quick on $ext_if inet proto tcp from any to $ext_ip port = 53 keep state flags S/SA
pass in quick on $ext_if inet proto udp from any to $ext_ip port = 53 keep state


#default to deny
block in log all
block out log all

# Block bad tcp flags from malicious people and nmap scans

block in log quick on $ext_if proto tcp from any to any flags /S
block in log quick on $ext_if proto tcp from any to any flags /SFRA
block in log quick on $ext_if proto tcp from any to any flags /SFRAU
block in log quick on $ext_if proto tcp from any to any flags A/A
block in log quick on $ext_if proto tcp from any to any flags F/SFRA
block in log quick on $ext_if proto tcp from any to any flags U/SFRAU
block in log quick on $ext_if proto tcp from any to any flags SF/SF
block in log quick on $ext_if proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if proto tcp from any to any flags SR/SR
block in log quick on $ext_if proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if proto tcp from any to any flags FUP/SFRAUPEW
block in log quick on $ext_if proto tcp from any to any flags SFRAU/SFRAU
block in log quick on $ext_if proto tcp from any to any flags SFRAUP/SFRAUP
block in log quick on $ext_if proto tcp all flags FUP/FUP


pass out quick on $ext_if inet proto tcp all modulate state flags S/SA
pass out quick on $ext_if inet proto { udp, icmp } all keep state
block in quick all
block out quick all

 ****************************************************



List archive: http://news.gmane.org/gmane.org.user-groups.bsd.turkey
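
An added illustration, not part of the original messages: a small Python model of how pf evaluates the inbound TCP rules in the quoted pf.conf (the last matching rule wins, and `quick` stops evaluation), showing which rule decides a given packet. It assumes the packet is addressed to one of the $ext_ip addresses and does not model scrub or the state table; all function and variable names are made up for this example.

```python
# Added example: minimal model of pf rule evaluation for inbound TCP on $ext_if.
# Assumption: only destination port and TCP flags are modelled.
FLAG_BITS = {c: 1 << i for i, c in enumerate("FSRPAUEW")}

def bits(letters):
    """Turn a pf flag string such as 'SA' into a bitmask."""
    return sum(FLAG_BITS[c] for c in letters)

def flags_match(spec, pkt_flags):
    """pf 'flags a/b': of the flags listed in b, exactly those in a are set."""
    if spec is None:
        return True
    want, mask = spec.split("/")
    return bits(pkt_flags) & bits(mask) == bits(want)

# (action, quick, destination ports or None for any, flags spec), in file order
RULES = [
    ("pass", True, {22, 80}, "S/SA"),
    ("pass", True, {53}, "S/SA"),
    ("block", False, None, None),          # block in log all
] + [("block", True, None, spec) for spec in (
    "/S", "/SFRA", "/SFRAU", "A/A", "F/SFRA", "U/SFRAU", "SF/SF", "SF/SFRA",
    "SR/SR", "FUP/FUP", "FUP/SFRAUPEW", "SFRAU/SFRAU", "SFRAUP/SFRAUP",
    "FUP/FUP")
] + [("block", True, None, None)]          # block in quick all

def evaluate(port, pkt_flags):
    """Return (action, index of the deciding rule) for one inbound TCP packet."""
    verdict = ("pass", None)               # pf passes when no rule matches
    for i, (action, quick, ports, spec) in enumerate(RULES):
        if (ports is None or port in ports) and flags_match(spec, pkt_flags):
            verdict = (action, i)
            if quick:                      # quick: stop at the first match
                break
    return verdict

if __name__ == "__main__":
    for port, fl in [(22, "S"), (25, "S"), (22, "FUP"), (80, "A"), (22, "")]:
        print(port, fl or "(none)", evaluate(port, fl))
```

In this model a plain SYN to port 22 is decided by the first `pass in quick` rule, so a connect scan completes the handshake and reports the port as open, while the flag-based block rules only ever see packets that are not opening a connection to a served port.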