  • #364560
    steve
    Participant

    here we go

    I have set up my firewall for my external network.
    Enabled the firewall.

    When I run nmap -sS or nmap -sU from an external server I see

    gate:~ # nmap -sS 210.176.69.164

    Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2005-12-29 06:47 HKT
    Interesting ports on 210.176.69.164:
    (The 1638 ports scanned but not shown below are in state: closed)
    Port State Service
    22/tcp open ssh
    106/tcp open pop3pw
    311/tcp open asip-webadmin
    389/tcp open ldap
    548/tcp open afpovertcp
    625/tcp open unknown

    Nmap run completed -- 1 IP address (1 host up) scanned in 5.564 seconds
    gate:~ # nmap -sU x.x.x.x

    Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2005-12-29 06:48 HKT
    Interesting ports on x.x.x.x:
    (The 1465 ports scanned but not shown below are in state: closed)
    Port State Service
    67/udp open dhcpserver
    123/udp open ntp
    137/udp open netbios-ns
    138/udp open netbios-dgm
    626/udp open unknown
    631/udp open unknown

    but on port 103, my firewall rule is unchecked, as is 548

    What are other people seeing, or is this normal?

    #364577
    steve
    Participant

    Yes, on my firewall I have port 548 as deny
    so I would expect nmap to return “closed”

    The other thing that is bothering me on the Apple firewall is at the very end on the firewall list

    priority 65535 the rule is allow ip from any to any.

    This does not appear in any of the firewall settings, but I would presume that unless I have a rule before this set as:
    deny ip from any to any
    , then it is not going to be much of a firewall, unless I specifically deny ports
    This seems counterintuitive, esp. for a firewall, in that unless you specifically deny all, you have a hole.
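
The rule-ordering concern raised in the last post, as an added example that is not part of the original thread: a small Python model of first-match filtering, the way ipfw evaluates its numbered rule list, run against the TCP ports from the scan above. Rule numbers 1000, 2000 and 65534 and the three rulesets are constructed for illustration; only rule 65535 and the port numbers come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int                      # evaluation priority, lowest first
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp", or "ip" (any protocol)
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in ("ip", proto) and self.dst_port in (None, port)

def evaluate(rules, proto, port):
    """Return (action, rule number) of the first rule that matches."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, port):
            return rule.action, rule.number
    raise ValueError("no rule matched; a real ruleset ends in a default rule")

def exposed_ports(rules, proto, ports):
    """Ports from `ports` that the ruleset lets through."""
    return [p for p in ports if evaluate(rules, proto, p)[0] == "allow"]

# Final rule quoted in the thread: priority 65535, allow ip from any to any.
DEFAULT_ALLOW = Rule(65535, "allow", "ip")

# TCP ports reported open in the nmap -sS output above.
SCANNED_TCP = [22, 106, 311, 389, 548, 625]

# Constructed ruleset A: one explicit allow, nothing else before the default.
permissive = [Rule(1000, "allow", "tcp", 22), DEFAULT_ALLOW]

# Constructed ruleset B: per-port deny for 548 only; other ports still fall through.
explicit_deny = permissive + [Rule(2000, "deny", "tcp", 548)]

# Constructed ruleset C: catch-all deny placed just ahead of rule 65535.
default_deny = permissive + [Rule(65534, "deny", "ip")]

if __name__ == "__main__":
    for name, rs in [("A", permissive), ("B", explicit_deny), ("C", default_deny)]:
        print(name, exposed_ports(rs, "tcp", SCANNED_TCP))
```

Ruleset B shows why denying ports one at a time leaves everything unlisted reachable, while ruleset C makes the trailing allow rule unreachable for any traffic not explicitly permitted.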
