Re: Firewall and nmap

2004-10-27 Thread Mark Frasa
On 2004.10.27 11:26:00 +, Florian Hengstberger wrote:
> Hi!
> 
> I've compiled a Kernel using the GENERIC config-file that
> comes with the default 5.2.1 installation adding support
> for ipfw.
> I tried to scan my computer with a linux machine running nmap,
> but nmap tells me that the host seems to be down although I was able
> to ping the freebsd-host.
> So I flushed all rules for the firewall with ipfw flush (the still
> existing default rule enables all traffic because I compiled this in
> my kernel, ipfw -c list told me that this is true.)
> Anyway, nothing changes, all ports seem to be closed running nmap,
> pings are successful again!
> 
> 1) What's wrong with my configuration?

Don't know yet, but what does ipfw show say? Maybe it enabled the /etc/rc.firewall?

> 2) I've tried to add all kernel options to this mail using the online
> handbook from www.freeebsd.org. I realized that the firewall section
> covers now the OpenBSD filter pf. What's the state of the art?
> How do I enable pf under 5.2.1 - package or port?

To enable PF put in your firewall:

options IPFILTER                #ipfilter support

These can be put optionally:
options IPFILTER_LOG            #ipfilter logging
options IPFILTER_DEFAULT_BLOCK  #block all packets by default

I don't think you want the last one yet, so first comment it out.

> 3) Is there something similar like nmap or is there a BSD-network scanner,
> which usage is recommended?

Dunno, I use nmap on my boxes as well. Works great.

> 
> Thanks in advance,
> Florian
> 

You're welcome.

Mark.

> --
> Florian Hengstberger
> [EMAIL PROTECTED]
> http://stud3.tuwien.ac.at/~e0025265
> --
> 
> 
> 
> 
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Firewall and nmap

2004-10-27 Thread Florian Hengstberger
Hi!

I've compiled a Kernel using the GENERIC config-file that
comes with the default 5.2.1 installation adding support
for ipfw.
I tried to scan my computer with a linux machine running nmap,
but nmap tells me that the host seems to be down although I was able
to ping the freebsd-host.
So I flushed all rules for the firewall with ipfw flush (the still
existing default rule enables all traffic because I compiled this in
my kernel, ipfw -c list told me that this is true.)
Anyway, nothing changes, all ports seem to be closed running nmap,
pings are successful again!

1) What's wrong with my configuration?
2) I've tried to add all kernel options to this mail using the online
handbook from www.freeebsd.org. I realized that the firewall section
covers now the OpenBSD filter pf. What's the state of the art?
How do I enable pf under 5.2.1 - package or port?
3) Is there something similar like nmap or is there a BSD-network scanner,
which usage is recommended?

Thanks in advance,
Florian

--
Florian Hengstberger
[EMAIL PROTECTED]
http://stud3.tuwien.ac.at/~e0025265
--



