[FUG-BR] ipfw help and a question about PeerGuardian.

web 2.0 gnu.groups em gmail.com
Wed May 28 15:24:11 BRT 2008


I forgot one thing: is it better to block everything and only allow what I want?
Or is it fine like this, with this pile of rules?

2008/5/28 web 2.0 <gnu.groups em gmail.com>:

> I am building a firewall for my notebook, but I can't manage to block
> ping.
> Can someone take a look at my rules?
>
> I left 3 services open, P2P.
>
> I used http://www.hanynet.com/noobproof/ ; the Leopard firewall is very
> weak.
>
> Do I need to add check-state and keep-state?
>
> I want it as secure as possible.
>
> What do you think of http://phoenixlabs.org/pg2/ ? Is it good, or doesn't it help?
>
> Thanks.
>
> sh-3.2# ipfw list
> 00100 allow ip from any to any via lo*
> 01000 allow icmp from any to any out in icmptypes 8
> 01001 deny ip from any to any frag
> 01002 deny icmp from any to me in icmptypes 8
> 01100 deny ip from any to any ipoptions rr
> 01101 deny ip from any to any ipoptions ts
> 01102 deny ip from any to any ipoptions lsrr
> 01103 deny ip from any to any ipoptions ssrr
> 01200 deny tcp from any to any tcpflags syn,fin
> 01201 deny tcp from any to any tcpflags syn,rst
> 01202 deny tcp from any 0 to any
> 01203 deny tcp from any to any dst-port 0
> 01204 deny udp from any 0 to any
> 01205 deny udp from any to any dst-port 0
> 01206 deny ip from 224.0.0.0/4 to any in
> 01207 deny ip from 0.0.0.0/8 to any
> 10100 deny log tcp from any to any dst-port 23,514,513 in setup
> 10110 deny udp from any to any dst-port 23,514,513 in
> 10200 deny log tcp from any to any dst-port 53,67,68,123,5353 in setup
> 10210 deny udp from any to any dst-port 53,67,68,123,5353 in
> 10300 deny log tcp from any to any dst-port 80 in setup
> 10310 deny udp from any to any dst-port 80 in
> 10400 deny log tcp from any to any dst-port 139,445 in setup
> 10410 deny udp from any to any dst-port 139,445 in
> 10500 deny log tcp from any to any dst-port 515,631 in setup
> 10510 deny udp from any to any dst-port 515,631 in
> 10600 deny log tcp from any to any dst-port 548 in setup
> 10610 deny udp from any to any dst-port 548 in
> 10700 deny log tcp from any to any dst-port 20-21 in setup
> 10710 deny udp from any to any dst-port 20-21 in
> 10800 deny log tcp from any to any dst-port 3031 in setup
> 10810 deny udp from any to any dst-port 3031 in
> 10900 deny log tcp from any to any dst-port 3283 in setup
> 10910 deny udp from any to any dst-port 3283 in
> 11000 deny log tcp from any to any dst-port 3689 in setup
> 11010 deny udp from any to any dst-port 3689 in
> 11100 deny log tcp from any to any dst-port 5060,5297,16384-16403 in setup
> 11110 deny udp from any to any dst-port 5060,5297,16384-16403 in
> 11200 deny log tcp from any to any dst-port 500,1701,1723,4500,10000 in setup
> 11210 deny udp from any to any dst-port 500,1701,1723,4500,10000 in
> 11300 deny log tcp from any to any dst-port 5900 in setup
> 11310 deny udp from any to any dst-port 5900 in
> 11400 deny log tcp from any to any dst-port 8770 in setup
> 11410 deny udp from any to any dst-port 8770 in
> 11600 allow tcp from any to any dst-port 32700 in setup
> 11610 allow udp from any to any dst-port 32700 in
> 11700 allow tcp from any to any dst-port 32715 in setup
> 11710 allow udp from any to any dst-port 32715 in
> 11800 allow tcp from any to any dst-port 51413 in setup
> 11810 allow udp from any to any dst-port 51413 in
> 11900 deny log tcp from any to any dst-port 22 in setup
> 11910 deny udp from any to any dst-port 22 in
> 63000 deny log tcp from any to any in setup
> 63001 deny udp from any to any dst-port 1-1023 in
> 65535 allow ip from any to any
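Since the follow-up asks whether a "block everything, allow only what I want" ruleset with check-state/keep-state is better, here is an added example of that approach (written for this thread, not the poster's rules and not NoobProof output). It assumes the three P2P ports from the quoted list, ipfw's `me` keyword and `lo0`, and it only prints the ipfw commands unless IPFW points at the real binary, so the ruleset can be reviewed before loading.

```shell
#!/bin/sh
# Constructed example: default-deny, stateful ipfw ruleset for a single laptop,
# built around the three P2P ports the quoted ruleset left open.
# Assumption: "me" (any address on this host), lo0 and the rule numbers are
# chosen here; they are not from the original post. With IPFW unset the script
# only prints the commands; run with IPFW=/sbin/ipfw (as root) to load them.
IPFW="${IPFW:-echo ipfw}"
P2P_PORTS="32700,32715,51413"

laptop_rules() {
    $IPFW -f flush
    # loopback stays fully open
    $IPFW add 100 allow ip from any to any via lo0
    # match replies to connections this host started (dynamic rules)
    $IPFW add 200 check-state
    # fragments and source-routing/record options, as in the quoted list
    $IPFW add 300 deny ip from any to any frag
    $IPFW add 310 deny ip from any to any ipoptions rr
    $IPFW add 311 deny ip from any to any ipoptions ts
    $IPFW add 312 deny ip from any to any ipoptions lsrr
    $IPFW add 313 deny ip from any to any ipoptions ssrr
    # outbound: anything the laptop initiates, tracked with keep-state
    $IPFW add 1000 allow tcp from me to any out setup keep-state
    $IPFW add 1010 allow udp from me to any out keep-state
    # ICMP: our own echo requests out; echo-reply, unreachable, time-exceeded in
    $IPFW add 1020 allow icmp from me to any out icmptypes 8
    $IPFW add 1030 allow icmp from any to me in icmptypes 0,3,11
    # inbound: only the P2P listeners; everything else falls through to the deny
    $IPFW add 2000 allow tcp from any to me dst-port $P2P_PORTS in setup keep-state
    $IPFW add 2010 allow udp from any to me dst-port $P2P_PORTS in keep-state
    # default deny, logged: inbound echo requests (ping) end up here
    $IPFW add 65000 deny log ip from any to any
}

laptop_rules
```

With the default deny at the end there is no need for the long per-port deny list: anything not explicitly allowed, including inbound echo requests, is dropped and logged.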


More information about the freebsd mailing list