[FUG-BR] Help with ipfw and a question about PeerGuardian.

web 2.0 gnu.groups at gmail.com
Wed May 28 15:20:05 BRT 2008


I am setting up a firewall for my notebook, but I can't block
ping.
Can someone look at my rules?

I left 3 services open, P2P.

I used http://www.hanynet.com/noobproof/; the Leopard firewall is very
weak.

Do I need to add check-state and keep-state?

I want it to be as secure as possible.

What do you think of http://phoenixlabs.org/pg2/ ? Is it good, or does it not help?

Thanks.

sh-3.2# ipfw list
00100 allow ip from any to any via lo*
01000 allow icmp from any to any out in icmptypes 8
01001 deny ip from any to any frag
01002 deny icmp from any to me in icmptypes 8
01100 deny ip from any to any ipoptions rr
01101 deny ip from any to any ipoptions ts
01102 deny ip from any to any ipoptions lsrr
01103 deny ip from any to any ipoptions ssrr
01200 deny tcp from any to any tcpflags syn,fin
01201 deny tcp from any to any tcpflags syn,rst
01202 deny tcp from any 0 to any
01203 deny tcp from any to any dst-port 0
01204 deny udp from any 0 to any
01205 deny udp from any to any dst-port 0
01206 deny ip from 224.0.0.0/4 to any in
01207 deny ip from 0.0.0.0/8 to any
10100 deny log tcp from any to any dst-port 23,514,513 in setup
10110 deny udp from any to any dst-port 23,514,513 in
10200 deny log tcp from any to any dst-port 53,67,68,123,5353 in setup
10210 deny udp from any to any dst-port 53,67,68,123,5353 in
10300 deny log tcp from any to any dst-port 80 in setup
10310 deny udp from any to any dst-port 80 in
10400 deny log tcp from any to any dst-port 139,445 in setup
10410 deny udp from any to any dst-port 139,445 in
10500 deny log tcp from any to any dst-port 515,631 in setup
10510 deny udp from any to any dst-port 515,631 in
10600 deny log tcp from any to any dst-port 548 in setup
10610 deny udp from any to any dst-port 548 in
10700 deny log tcp from any to any dst-port 20-21 in setup
10710 deny udp from any to any dst-port 20-21 in
10800 deny log tcp from any to any dst-port 3031 in setup
10810 deny udp from any to any dst-port 3031 in
10900 deny log tcp from any to any dst-port 3283 in setup
10910 deny udp from any to any dst-port 3283 in
11000 deny log tcp from any to any dst-port 3689 in setup
11010 deny udp from any to any dst-port 3689 in
11100 deny log tcp from any to any dst-port 5060,5297,16384-16403 in setup
11110 deny udp from any to any dst-port 5060,5297,16384-16403 in
11200 deny log tcp from any to any dst-port 500,1701,1723,4500,10000 in setup
11210 deny udp from any to any dst-port 500,1701,1723,4500,10000 in
11300 deny log tcp from any to any dst-port 5900 in setup
11310 deny udp from any to any dst-port 5900 in
11400 deny log tcp from any to any dst-port 8770 in setup
11410 deny udp from any to any dst-port 8770 in
11600 allow tcp from any to any dst-port 32700 in setup
11610 allow udp from any to any dst-port 32700 in
11700 allow tcp from any to any dst-port 32715 in setup
11710 allow udp from any to any dst-port 32715 in
11800 allow tcp from any to any dst-port 51413 in setup
11810 allow udp from any to any dst-port 51413 in
11900 deny log tcp from any to any dst-port 22 in setup
11910 deny udp from any to any dst-port 22 in
63000 deny log tcp from any to any in setup
63001 deny udp from any to any dst-port 1-1023 in
65535 allow ip from any to any
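
A quick way to review a listing like the one above, as an added example that is not part of the original post: the script parses `ipfw list` output and reports whether any rule is stateful, whether the final rule leaves the ruleset default-open, which rules name both directions, and which ports are opened inbound. `LISTING` is an excerpt of rules copied from the post; the function names are hypothetical.

```python
import re

# Excerpt of the `ipfw list` output from the post above (not the full ruleset).
LISTING = """\
00100 allow ip from any to any via lo*
01000 allow icmp from any to any out in icmptypes 8
01002 deny icmp from any to me in icmptypes 8
10100 deny log tcp from any to any dst-port 23,514,513 in setup
11600 allow tcp from any to any dst-port 32700 in setup
11610 allow udp from any to any dst-port 32700 in
11800 allow tcp from any to any dst-port 51413 in setup
63000 deny log tcp from any to any in setup
63001 deny udp from any to any dst-port 1-1023 in
65535 allow ip from any to any
"""

RULE = re.compile(r"^(\d{5})\s+(allow|deny|check-state)\b(.*)$")

def parse(listing):
    """Return (number, action, tokens-after-action) for each rule line."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3).split()))
    return rules

def audit(listing):
    """Summarise the properties of a ruleset that matter for a host firewall."""
    rules = parse(listing)
    findings = {}
    # Dynamic rules are created only by keep-state and tested by check-state.
    findings["stateful"] = any(
        a == "check-state" or "keep-state" in t for _, a, t in rules)
    # ipfw is first-match, so the last rule decides whatever nothing else matched.
    _, action, toks = rules[-1]
    findings["default_open"] = (
        action == "allow" and toks == "ip from any to any".split())
    # ipfw documents rule options as ANDed: both directions in one rule need review.
    findings["in_and_out"] = [n for n, _, t in rules if "in" in t and "out" in t]
    # Ports deliberately opened to inbound traffic.
    findings["inbound_allow_ports"] = sorted({
        t[t.index("dst-port") + 1] for _, a, t in rules
        if a == "allow" and "in" in t and "dst-port" in t})
    return findings

if __name__ == "__main__":
    for key, value in audit(LISTING).items():
        print(f"{key}: {value}")
```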

