Message-ID: <20101019223905.7923.qmail@ts1.inter7.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
From: nana0773 <nana0773@inter7.jp>
Date: 20 Oct 2010 07:39:05 +0900
Subject: [FreeBSD-users-jp 93246] Re: about ipf (and later, about ipnat)

Yu Oasa <you@dearest.net> said:

>Also, what does rc.conf contain?

>  grep ^ipf /etc/rc.conf

Nothing in particular was written there, but as a test I added

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"

and once I had added those, it started.

>If you are not confident, it is easier to kick off the script:

>  /etc/rc.d/ipfilter (start|restart|reload)

And when I tried starting the script by hand, this is what happened.

# /etc/rc.d/ipfilter start
Cannot 'start' ipfilter. Set ipfilter_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

(I had deliberately left it commented out.)

Then, after removing the comment:

# /etc/rc.d/ipfilter start
Enabling ipfilter.
31:ioctl(add/insert rule): No such process
34:ioctl(add/insert rule): No such process
37:ioctl(add/insert rule): No such process
38:ioctl(add/insert rule): No such process
41:ioctl(add/insert rule): No such process
1:ioctl(add/insert rule): No such process

# ipfstat -io
empty list for ipfilter(out)
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = auth
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = netbios-ns
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = netbios-dgm
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = netbios-ssn
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = microsoft-ds
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = wins
block in quick proto tcp/udp from any to $B8GDj(BIP/32 port = 3389

$B$N$h$&$K$J$j$^$7$?!#(B

$B$=$N8e!"(Bipf.rules$B$r$$$8$C$F(B

# localnet block
#block in log quick on ng0 from 192.168.1.0/24 to any group 200

# multicast block
#block in log quick on ng0 from 224.0.0.0/4 to any group 200

# smtp allow
#pass in quick on ng0 proto tcp from any to any port = 25 flags S/SA keep state group 200

# pop3 allow
#pass in quick on ng0 proto tcp from any to any port = 110 flags S/SA group 200

# www allow
#pass in quick on ng0 proto tcp from any to any port = 80 flags S/SA group 200

# ssl allow
#pass in quick on ng0 proto tcp from any to any port = 443 flags S/SA group 200

# dns allow
#pass in quick on ng0 proto tcp from any to any port = 53 flags S/SA group 200
#pass in quick on ng0 proto udp from any to any port = 53 group 200

# localnet allows
#pass out on em0  from 192.168.1.0/24 to 192.168.1.0/24 group 350

$B$N$h$&$K$7$F$+$i(B

# /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
Set 1 now inactive

# ipfstat -io
empty list for ipfilter(out)
block in quick proto tcp/udp from any to 219.117.205.36/32 port = auth
block in quick proto tcp/udp from any to 219.117.205.36/32 port = netbios-ns
block in quick proto tcp/udp from any to 219.117.205.36/32 port = netbios-dgm
block in quick proto tcp/udp from any to 219.117.205.36/32 port = netbios-ssn
block in quick proto tcp/udp from any to 219.117.205.36/32 port = microsoft-ds
block in quick proto tcp/udp from any to 219.117.205.36/32 port = wins
block in quick proto tcp/udp from any to 219.117.205.36/32 port = 3389

$B$N$h$&$K$J$j$^$7$?!#(B

And Symantec's security check gave the following results.

http://security.symantec.com/sscv6/home.asp?langid=jp

$BMWCm0U(B  $BBP%O%C%+!<O*=PEY%A%'%C%/(B
$B0BA4(B  Windows $B@H<e@-%A%'%C%/(B
$B0BA4!!%H%m%$$NLZGO%A%'%C%/(B
 
The details of the item flagged (×) above are as follows.

ICMP Ping Ping: open (I always leave it open for reachability checks)
21 FTP (File Transfer Protocol): open (left open)
22 SSH: closed (not in use)
23 Telnet: open (sl runs via ucspi-tcp on a separate IP address)
25 SMTP (Simple Mail Transfer Protocol): open
79 Finger: closed
80 HTTP (Hypertext Transfer Protocol): open (in use)
110 POP3 (Post Office Protocol): closed (used only from the local network)
113 Ident / Authentication: stealth
119 NNTP (Network News Transfer Protocol): closed
135 Location service (loc-srv): closed
139 NetBIOS: stealth
143 IMAP (Internet Message Access Protocol): closed
443 HTTP over TLS/SSL: closed (will be opened eventually)
445 Windows NT / 2000 SMB: stealth
1080 SOCKS: closed
1723 PPTP (Point-to-Point Tunneling Protocol): closed
5000 UPnP (Universal Plug and Play): closed
5631 pcAnywhere: closed

$B;29M!'(B

open: $B3+$$$?%]!<%H$O%]!<%HC5::$K1~Ez$7!"%]!<%H$,MxMQ$G$-$F$7$^$$$^$9!#(B
$B3+$$$?%]!<%H$O4JC1$K%O%C%+!<$NF~$j8}$H$J$k$N$G4m81$G$9!#(B 
 
close: $BJD$8$?%]!<%H$O8+$($^$9$,!"967b$K$h$C$F3+$/$3$H$,$G$-$^$;$s!#(B
$B>uBV$H$7$F$O0BA4$G$9$,!"%O%C%+!<$O%3%s%T%e!<%?$NB8:_$r8!=P$9$k$?$a$K(B
$BJD$8$?%]!<%H$r;H$&$3$H$,$G$-!"@x:_E*$J967b$NBP>]$H$J$j$^$9!#(B 
 
stealth: $B%9%F%k%9%]!<%H$O:G$b0BA4$J%]!<%H$N>uBV$G$9!#(B
$B!V%9%F%k%9!W$H$$$&>uBV$O%]!<%HC5::$KBP$7$F$bA4$/1~Ez$;$:!"(B
$B@x:_E*$J967bBP>]$r%O%C%+!<$,C5$7$F$$$k$H$-$K!"(B
$B2>A[E*$KA4$/8+$($J$/$J$j$^$9!#:G$b0BA4$J>uBV$G$9$,!"(B
$B%9%F%k%9%]!<%H$O0lIt$N%$%s%?!<%M%C%H%"%W%j%1!<%7%g%s$G(B
$B%Q%U%)!<%^%s%9$NLdBj$N860x$H$J$k$3$H$,$"$j$^$9!#(B 

$B$J$J(B <nana0773@inter7.jp>

