
ipfw + nfs

Hi, I don't know if it's a problem, but I noticed something: nmap shows me port 2049 open, but I don't set it in my ipfw rules... why is that?

    cat /etc/ipfw.rules

    ipfw -f flush
    # allow any type of traffic on the local interface
    ipfw add 10 permit ip from any to any via lo0
    # block all traffic from private IPs
    ipfw add 20 deny ip from any to 127.0.0.0/8 in recv rl0
    ipfw add 21 deny ip from 127.0.0.0/8 to any out xmit rl0
    ipfw add 30 deny ip from 192.168.0.0/16 to any in recv rl0
    ipfw add 31 deny ip from any to 192.168.0.0/16 out xmit rl0
    ipfw add 40 deny ip from 172.16.0.0/12 to any in recv rl0
    ipfw add 41 deny ip from any to 172.16.0.0/12 out xmit rl0
    # divert nat
    ipfw add 42 divert 8668 ip from any to any
    # allow any type of traffic within the local network
    ipfw add 50 permit ip from any to any via rl1
    # block fragmented packets
    ipfw add 60 deny icmp from any to any frag
    ipfw add 70 permit tcp from any to any out via rl0 setup keep-state uid root
    # allow ICMP packets
    ipfw add 80 permit icmp from any to any
    # allow SMTP
    ipfw add 101 permit tcp from any to any 25 out
    ipfw add 102 permit tcp from any 25 to any
    # allow POP3
    ipfw add 103 permit tcp from any to any 110
    ipfw add 104 permit tcp from any 110 to any
    # allow HTTP
    ipfw add 105 permit tcp from any to any 80
    ipfw add 106 permit tcp from any 80 to any
    # allow FTP
    ipfw add 107 permit tcp from any to any 20
    ipfw add 108 permit tcp from any 20 to any
    ipfw add 109 permit tcp from any to any 21
    ipfw add 110 permit tcp from any 21 to any
    # allow DNS
    ipfw add 113 permit udp from any to any 53
    ipfw add 114 permit udp from any 53 to any
    # allow SSH from everyone
    ipfw add 115 permit tcp from any to any 22
    ipfw add 116 permit tcp from any 22 to any
    # allow HTTPS
    ipfw add 117 permit tcp from any to any 443
    ipfw add 118 permit tcp from any 443 to any
    # allow ICQ
    ipfw add 119 permit tcp from any to any 5190
    ipfw add 120 permit tcp from any 5190 to any
    # allow Yahoo Messenger
    ipfw add 121 permit tcp from any to any 5050
    ipfw add 122 permit tcp from any 5050 to any
    # block the rest
    ipfw add 65000 deny log all from any to any

    nmap -O -vv xx.xx.xx.xx
    ...
    Discovered open port 2049/tcp on xx.xx.xx.xx
    ...
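A ruleset like the one posted can be audited with a first-match walk. The sketch below is an added example, not part of the original post; it models only protocol, ports, direction and interface, and reports which rule decides a TCP packet to port 2049 depending on the interface it arrives on and its source port. The sample packets are constructed, and the simplifications are listed in the first comment.

```python
# Added example: simplified first-match walk over the rules posted above.
# Assumptions (not from the post): the packet's addresses do not hit rules
# 20-41, rule 42 (divert) returns the packet to the next rule, rule 60 (frag)
# does not apply, and the setup/keep-state/uid options of rule 70 are ignored.
ANY = None

# (number, action, proto, src_port, dst_port, direction, via)
RULES = [
    (10, "permit", "ip", ANY, ANY, ANY, "lo0"),
    (50, "permit", "ip", ANY, ANY, ANY, "rl1"),
    (70, "permit", "tcp", ANY, ANY, "out", "rl0"),
    (80, "permit", "icmp", ANY, ANY, ANY, ANY),
    (101, "permit", "tcp", ANY, 25, "out", ANY),
    (102, "permit", "tcp", 25, ANY, ANY, ANY),
    (113, "permit", "udp", ANY, 53, ANY, ANY),
    (114, "permit", "udp", 53, ANY, ANY, ANY),
    (65000, "deny", "ip", ANY, ANY, ANY, ANY),
]
# Rules 103-110 and 115-122 come in pairs: "to any PORT" then "from any PORT".
for num, port in [(103, 110), (105, 80), (107, 20), (109, 21),
                  (115, 22), (117, 443), (119, 5190), (121, 5050)]:
    RULES.append((num, "permit", "tcp", ANY, port, ANY, ANY))
    RULES.append((num + 1, "permit", "tcp", port, ANY, ANY, ANY))
RULES.sort(key=lambda r: r[0])  # ipfw evaluates in rule-number order


def first_match(proto, sport, dport, direction, iface):
    """Return (rule number, action) of the first rule matching the packet."""
    for num, action, r_proto, r_sport, r_dport, r_dir, r_via in RULES:
        if (r_proto in ("ip", proto) and r_sport in (ANY, sport)
                and r_dport in (ANY, dport) and r_dir in (ANY, direction)
                and r_via in (ANY, iface)):
            return num, action
    return None  # unreachable here: rule 65000 matches everything


if __name__ == "__main__":
    # Constructed packets, all TCP to port 2049 (the port nmap reported).
    for label, pkt in [
        ("arrives on rl0, source port 40000", ("tcp", 40000, 2049, "in", "rl0")),
        ("arrives on rl1, source port 40000", ("tcp", 40000, 2049, "in", "rl1")),
        ("arrives on rl0, source port 80", ("tcp", 80, 2049, "in", "rl0")),
    ]:
        print(label, "->", first_match(*pkt))
```

On the real host, `ipfw -a list` shows per-rule packet counters, which confirms which rule a given probe actually matched.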