[FUG-BR] Help with IPFW

Bandeira gnu.groups em gmail.com
Thu Oct 9 19:42:00 BRT 2008


Solved, the only thing left is getting aMule to work.
If I remove this rule, ipfw add 65534 deny tcp from any to any, it works.

On Thu, Oct 9, 2008 at 6:32 PM, Bandeira <gnu.groups em gmail.com> wrote:

> I tested with another provider; now ports 1 and 30 show up as closed.
> aMule is still in lowid.
>
> And now it gives another error, the 2 below.
>
> *Solicited TCP Packets: RECEIVED (FAILED)* — As detailed in the port
> report below, one or more of your system's ports actively responded to our
> deliberate attempts to establish a connection. It is generally possible to
> increase your system's security by hiding it from the probes of potentially
> hostile hackers. Please see the details presented by the specific port links
> below, as well as the various resources on this site, and in our extremely
> helpful and active user community <https://www.grc.com/discussions.htm>.
>
> *Ping Reply: RECEIVED (FAILED)* — Your system REPLIED to our Ping (ICMP
> Echo) requests, making it visible on the Internet. Most personal firewalls
> can be configured to block, drop, and ignore such ping requests in order to
> better hide systems from hackers. This is highly recommended since "Ping" is
> among the oldest and most common methods used to locate systems prior to
> further exploitation.
>
>
> 2008/10/9 Bandeira <gnu.groups em gmail.com>
>
>> I forgot, I managed to pass the security test the other day but I don't know
>> which rule I used.
>>
>> 2008/10/9 Bandeira <gnu.groups em gmail.com>
>>
>>> No, because if I remove the rule ipfw add 65534 deny tcp from any to any,
>>> aMule works fine, but the firewall's security is lost, and without a firewall
>>> it also works fine.
>>>
>>> On Thu, Oct 9, 2008 at 6:18 PM, Welkson Renny de Medeiros <
>>> welkson em focusautomacao.com.br> wrote:
>>>
>>>> Have you considered the possibility that the provider is blocking it?
>>>>
>>>> --
>>>> Welkson Renny de Medeiros
>>>> Focus Automação Comercial
>>>> Development / Network Management
>>>> welkson em focusautomacao.com.br
>>>>
>>>>
>>>>
>>>>                      Powered by ....
>>>>
>>>>                                           (__)
>>>>                                        \\\'',)
>>>>                                          \/  \ ^
>>>>                                          .\._/_)
>>>>
>>>>                                      www.FreeBSD.org
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Bandeira" <gnu.groups em gmail.com>
>>>> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
>>>> <freebsd em fug.com.br>
>>>> Sent: Thursday, October 09, 2008 5:51 PM
>>>> Subject: [FUG-BR] Help with IPFW
>>>>
>>>>
>>>> > I can't get highid in aMule, the ports are 32703, 32715 and 32700; the
>>>> > torrent's 51413 opened the port.
>>>> >
>>>> > And another thing, in this test https://www.grc.com/x/ne.dll?bh0bkyd2 it doesn't
>>>> > pass the first one; the last 2 passed.
>>>> >
>>>> > Ports 0 and 1 show up in blue, closed.
>>>> >
>>>> > Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report
>>>> > below, one or more of your system's ports actively responded to our
>>>> > deliberate attempts to establish a connection. It is generally possible to
>>>> > increase your system's security by hiding it from the probes of potentially
>>>> > hostile hackers. Please see the details presented by the specific port links
>>>> > below, as well as the various resources on this site, and in our extremely
>>>> > helpful and active user community.
>>>> >
>>>> >
>>>> >
>>>> > ipfw add 01000 allow ip from any to any via lo*
>>>> > ipfw add 02000 deny all from any to any frag
>>>> > ipfw add 02001 allow udp from any to any dst-port 37003
>>>> > ipfw add 02002 allow udp from any to any dst-port 32715
>>>> > ipfw add 02003 allow tcp from any to any dst-port 32000
>>>> > ipfw add 02004 allow tcp from any to any dst-port 51413
>>>> > ipfw add 02005 allow tcp from any to any dst-port 16000
>>>> > ipfw add 04001 deny ip from 127.0.0.0/8 to any in
>>>> > ipfw add 04101 deny ip from any to 127.0.0.0/8 in
>>>> > ipfw add 04201 deny ip from 224.0.0.0/3 to any in
>>>> > ipfw add 04301 deny tcp from any to 224.0.0.0/3 in
>>>> > ipfw add 04401 allow tcp from any to any out
>>>> > ipfw add 04501 allow tcp from any to any established
>>>> > ipfw add 04601 allow icmp from any to any icmptypes 0,3,8,11
>>>> > ipfw add 04701 deny icmp from any to any
>>>> > ipfw add 04801 deny ip from any to any ipoptions rr
>>>> > ipfw add 04901 deny ip from any to any ipoptions ts
>>>> > ipfw add 05001 deny ip from any to any ipoptions lsrr
>>>> > ipfw add 05101 deny ip from any to any ipoptions ssrr
>>>> > ipfw add 05301 deny tcp from any to any tcpflags syn,fin
>>>> > ipfw add 05311 deny tcp from any to any tcpflags syn,rst
>>>> > ipfw add 05321 deny tcp from any 0 to any
>>>> > ipfw add 05331 deny tcp from any to any dst-port 0
>>>> > ipfw add 05341 deny udp from any 0 to any
>>>> > ipfw add 05351 deny udp from any to any dst-port 0
>>>> > ipfw add 05361 deny ip from 224.0.0.0/4 to any in
>>>> > ipfw add 05371 deny ip from 0.0.0.0/8 to any
>>>> > ipfw add 65534 deny tcp from any to any
>>>> > ipfw add 65535 allow ip from any to any
>>>> > -------------------------
>>>> > History: http://www.fug.com.br/historico/html/freebsd/
>>>> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>>>> >
>>>>
>>>>
>>>
>>>
>>
>
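
Added example, not part of the original thread: a simplified first-match model of the ruleset quoted above, showing which rule decides a packet to each port named in the post. The parser handles only the options these rules use; `parse_rule`, `first_match` and `load` are hypothetical helper names, not ipfw code.

```python
# Subset of the quoted ruleset: rules that only match loopback, fragments, spoofed or
# multicast addresses, ICMP, IP options, odd TCP flag pairs or port 0 are left out.
RULES = """\
02001 allow udp from any to any dst-port 37003
02002 allow udp from any to any dst-port 32715
02003 allow tcp from any to any dst-port 32000
02004 allow tcp from any to any dst-port 51413
02005 allow tcp from any to any dst-port 16000
04401 allow tcp from any to any out
04501 allow tcp from any to any established
65534 deny tcp from any to any
65535 allow ip from any to any
"""

def parse_rule(line):
    """Parse 'NUM ACTION PROTO from any to any [dst-port N] [in|out] [established]'."""
    num, action, proto, *rest = line.split()
    if rest[:4] != ["from", "any", "to", "any"]:
        raise ValueError(f"unsupported address spec: {line}")
    rule = {"num": int(num), "action": action, "proto": proto,
            "dport": None, "dir": None, "established": False}
    opts = iter(rest[4:])
    for opt in opts:
        if opt == "dst-port":
            rule["dport"] = int(next(opts))
        elif opt in ("in", "out"):
            rule["dir"] = opt
        elif opt == "established":
            rule["established"] = True
        else:
            raise ValueError(f"unsupported option: {opt}")
    return rule

def first_match(rules, proto, dport, direction="in", established=False):
    """Return (rule number, action) of the first rule matching the packet."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if (r["proto"] in ("ip", "all", proto)
                and r["dport"] in (None, dport)
                and r["dir"] in (None, direction)
                and (not r["established"] or (proto == "tcp" and established))):
            return r["num"], r["action"]
    return None

def load(text, skip=()):
    return [r for r in map(parse_rule, text.splitlines()) if r["num"] not in skip]

if __name__ == "__main__":
    for port in (32700, 32703, 32715, 51413):  # ports named in the post
        print(port, first_match(load(RULES), "tcp", port))
```

In this model a new inbound TCP connection to 32700, 32703 or 32715 falls through to rule 65534, while 51413 is accepted by rule 02004. On a live system, `ipfw -a list` shows per-rule packet counters that confirm which rule is actually matching.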

