daniel quinn wrote:
I've been experimenting with ipfw since moving some of my machines from Linux to FreeBSD, and I've run across an oddity wrt nmap and FreeBSD firewalls. It doesn't seem to work, and the activity isn't logged either.

The firewall is working, though. ssh goes through, while other ports are being blocked (and logged); I've confirmed this with telnet. But nmap still comes up empty. I'd like to be able to do a proper portscan, but is this a feature of ipfw or a lack of a feature in nmap?

I am not entirely sure what problems you are seeing. It sounds like you are saying that the firewall works properly, and nmap correctly identifies open/closed/filtered ports, but you are getting nothing in your ipfw log indicating that a scan is happening. Is that correct?

If so, the "problem" is that nmap has a variety of scans which are designed not to be caught by firewall logs. If you try a TCP connect() port scan (-sT, I think) it will show up in the firewall's logs.

If you want to catch all manner of port scans, you will have to use something like Snort.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
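As an added illustration of the point made in the reply above (that ipfw's per-packet log is the raw material and something has to correlate it to recognise a scan), here is a small detector that reads ipfw syslog lines and flags a source that hits many distinct destination ports within a short window. This is example code written for this page, not something from the thread or from FreeBSD; the log line layout it parses ("ipfw: <rule> <Action> <PROTO> <src>:<sport> <dst>:<dport> in|out via <iface>") is the one ipfw's `log` keyword produces via syslog, and the sample lines, addresses, rule numbers and thresholds are constructed for the demonstration.

```python
"""Flag port-scan-like activity in ipfw 'Deny' log lines.

Example code for illustration; the log lines below are constructed, not captured.
"""
import re
from collections import defaultdict
from datetime import datetime

# Layout assumed from ipfw's syslog output when a rule carries the 'log' keyword:
#   Jan 14 10:20:30 gw kernel: ipfw: 65000 Deny TCP 192.0.2.10:44321 198.51.100.5:21 in via em0
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

# Constructed sample: one host probing 12 closed ports in 12 seconds (the scan),
# one accepted ssh connection, and one host retrying a single port (benign noise).
SCAN_PORTS = [21, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443, 445]
SAMPLE_LOG = [
    f"Jan 14 10:20:{30 + i:02d} gw kernel: ipfw: 65000 Deny TCP "
    f"192.0.2.10:{44321 + i} 198.51.100.5:{p} in via em0"
    for i, p in enumerate(SCAN_PORTS)
] + [
    "Jan 14 10:20:31 gw kernel: ipfw: 100 Accept TCP 203.0.113.9:50123 198.51.100.5:22 in via em0",
    "Jan 14 10:25:00 gw kernel: ipfw: 65000 Deny TCP 198.51.100.7:33000 198.51.100.5:23 in via em0",
    "Jan 14 10:25:05 gw kernel: ipfw: 65000 Deny TCP 198.51.100.7:33001 198.51.100.5:23 in via em0",
    "Jan 14 10:25:06 gw kernel: ipfw: 65000 Deny UDP 198.51.100.7:33002 198.51.100.5:161 in via em0",
]


def parse_line(line):
    """Return a dict of fields for an ipfw log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    # syslog timestamps carry no year; the default (1900) is fine for computing deltas
    d["ts"] = datetime.strptime(d["ts"], "%b %d %H:%M:%S")
    d["sport"] = int(d["sport"])
    d["dport"] = int(d["dport"])
    return d


def find_scanners(lines, threshold=10, window_s=60):
    """Map source IP -> max distinct denied inbound dst ports seen in any window_s span.

    Only sources reaching `threshold` or more distinct ports are returned.
    """
    events = [e for e in map(parse_line, lines)
              if e and e["action"] == "Deny" and e["dir"] == "in"]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    scanners = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0
        for hi in range(len(evs)):
            # slide the window start forward until it spans at most window_s seconds
            while (evs[hi]["ts"] - evs[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            ports = {e["dport"] for e in evs[lo:hi + 1]}
            if len(ports) >= threshold:
                scanners[src] = max(scanners.get(src, 0), len(ports))
    return scanners


if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"possible scan from {src}: {n} distinct ports denied within 60s")
```

The threshold and window are deliberately crude; the point is that a packet filter's log records individual denied packets, and turning that into "this source is scanning" is a correlation step that the filter itself does not perform. Only denied inbound packets are counted, so the accepted ssh session and a host retrying one port never trip the detector at the default threshold.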
