[FUG-BR] Ajuda com IPFW
Bandeira
gnu.groups em gmail.com
Quinta Outubro 9 18:23:42 BRT 2008
Esqueci, eu consegui passar no teste de segurança outro dia mas não sei qual
regra usei.
2008/10/9 Bandeira <gnu.groups em gmail.com>
> Não, pq se eu tirar a regra ipfw add 65534 deny tcp from any to any o
> aMule funciona na boa, mas perde a segurança do firewall e sem firewall
> tambem funciona legal.
>
> On Thu, Oct 9, 2008 at 6:18 PM, Welkson Renny de Medeiros <
> welkson em focusautomacao.com.br> wrote:
>
>> Já pensou na possibilidade do provedor tá bloqueando?
>>
>> --
>> Welkson Renny de Medeiros
>> Focus Automação Comercial
>> Desenvolvimento / Gerência de Redes
>> welkson em focusautomacao.com.br
>>
>>
>>
>> Powered by ....
>>
>> (__)
>> \\\'',)
>> \/ \ ^
>> .\._/_)
>>
>> www.FreeBSD.org
>>
>>
>> ----- Original Message -----
>> From: "Bandeira" <gnu.groups em gmail.com>
>> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
>> <freebsd em fug.com.br>
>> Sent: Thursday, October 09, 2008 5:51 PM
>> Subject: [FUG-BR] Ajuda com IPFW
>>
>>
>> > Não consigo pegar highid no aMule, as portas são 32703, 32715 e 32700 do
>> > torrent 51413 abriu a porta.
>> >
>> > E outra coisa, nesse teste https://www.grc.com/x/ne.dll?bh0bkyd2 não
>> passa
>> > no primeiro, os últimos 2 passaram.
>> >
>> > Postas 0 e 1 aparecem em azul, closed.
>> >
>> > Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port
>> report
>> > below, one or more of your system's ports actively responded to our
>> > deliberate attempts to establish a connection. It is generally possible
>> to
>> > increase your system's security by hiding it from the probes of
>> > potentially
>> > hostile hackers. Please see the details presented by the specific port
>> > links
>> > below, as well as the various resources on this site, and in our
>> extremely
>> > helpful and active user community.
>> >
>> >
>> >
>> > ipfw add 01000 allow ip from any to any via lo*
>> > ipfw add 02000 deny all from any to any frag
>> > ipfw add 02001 allow udp from any to any dst-port 37003
>> > ipfw add 02002 allow udp from any to any dst-port 32715
>> > ipfw add 02003 allow tcp from any to any dst-port 32000
>> > ipfw add 02004 allow tcp from any to any dst-port 51413
>> > ipfw add 02005 allow tcp from any to any dst-port 16000
>> > ipfw add 04001 deny ip from 127.0.0.0/8 to any in
>> > ipfw add 04101 deny ip from any to 127.0.0.0/8 in
>> > ipfw add 04201 deny ip from 224.0.0.0/3 to any in
>> > ipfw add 04301 deny tcp from any to 224.0.0.0/3 in
>> > ipfw add 04401 allow tcp from any to any out
>> > ipfw add 04501 allow tcp from any to any established
>> > ipfw add 04601 allow icmp from any to any icmptypes 0,3,8,11
>> > ipfw add 04701 deny icmp from any to any
>> > ipfw add 04801 deny ip from any to any ipoptions rr
>> > ipfw add 04901 deny ip from any to any ipoptions ts
>> > ipfw add 05001 deny ip from any to any ipoptions lsrr
>> > ipfw add 05101 deny ip from any to any ipoptions ssrr
>> > ipfw add 05301 deny tcp from any to any tcpflags syn,fin
>> > ipfw add 05311 deny tcp from any to any tcpflags syn,rst
>> > ipfw add 05321 deny tcp from any 0 to any
>> > ipfw add 05331 deny tcp from any to any dst-port 0
>> > ipfw add 05341 deny udp from any 0 to any
>> > ipfw add 05351 deny udp from any to any dst-port 0
>> > ipfw add 05361 deny ip from 224.0.0.0/4 to any in
>> > ipfw add 05371 deny ip from 0.0.0.0/8 to any
>> > ipfw add 65534 deny tcp from any to any
>> > ipfw add 65535 allow ip from any to any
>> > -------------------------
>> > Histórico: http://www.fug.com.br/historico/html/freebsd/
>> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >
>>
>> -------------------------
>> Histórico: http://www.fug.com.br/historico/html/freebsd/
>> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>>
>
>
Mais detalhes sobre a lista de discussão freebsd