Old 8th February 2009
carpman
Shell Scout
 
Join Date: Jul 2008
Posts: 94

Hello, and thanks for the reply. It's been a long week and I just realised I could use nmap from my workstation to test the port, which I did and it shows it as closed:

Quote:
Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-08 20:19 GMT
Interesting ports on 85-234-15*-**.static.poundhost.com (85.234.15*.**):
PORT STATE SERVICE
5224/tcp closed unknown
I have also included my pf.conf:

Quote:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#------------------------------------------------------------------------
# macros
#------------------------------------------------------------------------
# interfaces
ext_if = "fxp0"

logopt = "log"
#-----------------------------------------------------------------------
# Tables
#-----------------------------------------------------------------------
#our ips
table <local> { 202.83.54.128, 69.59.173.180, 59.93.35.19/24 }

#block spammers listed in this file
table <spammers> persist file "/etc/spammers"

# publicly accessible services (transport layer neutral)
tcp_pass = "{ 20,21,22,25,26,37,53,80,110,143,144,443,465,587,873,993,995,1922,3306,5001,5224,8009,8080,8443,10125,10000 }"
udp_pass = "{ 37,53,110,123,873,10000 }"
# externally permitted inbound icmp types
icmp_types = "echoreq"
# internal network
# block these networks
table <private> { 0.0.0.0/8, 10.0.0.0/8, 20.20.20.0/24, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16, 224.0.0.0/3, 255.255.255.255 }
# Anti brute force
table <brute> persist
pass out
pass in keep state (max-src-conn 50, max-src-conn-rate 50/5, overload <brute> flush global)
#-----------------------------------------------------------------------
# options
#------------------------------------------------------------------------
# config
set block-policy return
set loginterface $ext_if
set skip on lo0
# scrub
#scrub all reassemble tcp no-df
#scrub in all fragment reassemble
#scrub out all random-id
scrub in all
#------------------------------------------------------------------------
# firewall policy
#------------------------------------------------------------------------
block all
# restrictive default rules
block in quick on $ext_if from <private> to any
block out quick on $ext_if from any to <private>
pass in quick from <local> to any keep state
block in on fxp0 from <spammers> to any
block return-rst in $logopt on $ext_if proto tcp all
block return-icmp in $logopt on $ext_if proto udp all
block in $logopt on $ext_if proto icmp all
block out $logopt on $ext_if all
# trust localhost
pass in quick on lo0 all
pass out quick on lo0 all
# anti spoofing
#block drop in $logopt quick on $ext_if from to any
#block drop out $logopt quick on $ext_if from any to
antispoof for { $ext_if }
# anti fake return-scans
block return-rst out on $ext_if proto tcp all
block return-rst in on $ext_if proto tcp all
block return-icmp out on $ext_if proto udp all
block return-icmp in on $ext_if proto udp all
# toy with script kiddies scanning us
block in $logopt quick proto tcp flags FUP/WEUAPRSF
block in $logopt quick proto tcp flags WEUAPRSF/WEUAPRSF
block in $logopt quick proto tcp flags SRAFU/WEUAPRSF
block in $logopt quick proto tcp flags /WEUAPRSF
block in $logopt quick proto tcp flags SR/SR
block in $logopt quick proto tcp flags SF/SF
# allow permitted icmp
pass in inet proto icmp all icmp-type $icmp_types keep state
# allow permitted services
pass in on $ext_if inet proto tcp from any to any port $tcp_pass flags S/SA keep state
pass in on $ext_if inet proto udp from any to any port $udp_pass keep state
pass out on $ext_if inet proto tcp from any to any port $tcp_pass flags S/SA keep state
pass out on $ext_if inet proto udp from any to any port $udp_pass keep state
pass out on $ext_if inet proto tcp from any to port 21 keep state
pass out on $ext_if inet proto tcp from any to port > 1023 keep state
# permit full outbound access
# warning: potentially insecure. you may wish to lock down outbound access.
cheers
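An added example, not part of carpman's post or of any project's code: a small Python checker for two things a reader can verify against the pf.conf above. pf of this era required rules in the order options, normalization, queueing, translation, filtering (the `pass out` and `pass in ... overload <brute>` lines sit before `set block-policy return`, so pfctl would refuse to load the file as posted), and a port must appear in the tcp_pass macro for the final pass rule to match it. The embedded config is a constructed excerpt of the posted file, and the section table and keyword list are the example's own.

```python
import re

# Constructed excerpt of the pf.conf posted above; comments and unrelated lines dropped.
PF_CONF = """\
ext_if = "fxp0"
tcp_pass = "{ 20,21,22,25,80,443,873,1922,3306,5001,5224,8009,8080,8443,10125,10000 }"
udp_pass = "{ 37,53,110,123,873,10000 }"
pass out
pass in keep state (max-src-conn 50, max-src-conn-rate 50/5, overload <brute> flush global)
set block-policy return
set skip on lo0
scrub in all
block all
pass in on $ext_if inet proto tcp from any to any port $tcp_pass flags S/SA keep state
"""

# Section each rule keyword belongs to. pf (as of 2009) rejected a ruleset whose rules
# were not ordered options, normalization, queueing, translation, filtering.
SECTION_OF = {"set": 0, "scrub": 1, "altq": 2, "queue": 2, "nat": 3, "rdr": 3,
              "binat": 3, "block": 4, "pass": 4, "antispoof": 4}
SECTION_NAMES = ["options", "normalization", "queueing", "translation", "filtering"]

def rules(conf):
    """Yield (lineno, text) for every non-blank, non-comment line."""
    for n, line in enumerate(conf.splitlines(), 1):
        text = line.split("#", 1)[0].strip()
        if text:
            yield n, text

def out_of_order_rules(conf):
    """Return (lineno, text) of lines whose section should have come before a
    section that has already started; an empty list means the order is loadable."""
    highest, bad = -1, []
    for n, text in rules(conf):
        section = SECTION_OF.get(text.split()[0])
        if section is None:
            continue  # macro or table definition: allowed anywhere
        if section < highest:
            bad.append((n, text))
        highest = max(highest, section)
    return bad

def macro_ports(conf, name):
    """Return the set of ports in a '{ ... }' port-list macro such as tcp_pass."""
    m = re.search(rf'^{name}\s*=\s*"\{{(.*?)\}}"', conf, re.M)
    return {int(p) for p in re.findall(r"\d+", m.group(1))} if m else set()

if __name__ == "__main__":
    for n, text in out_of_order_rules(PF_CONF):
        print(f"line {n}: {SECTION_NAMES[SECTION_OF[text.split()[0]]]} rule out of order: {text}")
    print("5224/tcp in tcp_pass:", 5224 in macro_ports(PF_CONF, "tcp_pass"))
```

With `set block-policy return`, a port PF blocks and a port with nothing listening both show as `closed` to nmap, so the macro check alone cannot distinguish the two. Confirming on the host that a daemon is bound to 5224/tcp (netstat or sockstat) and that `pfctl -nf /etc/pf.conf` parses cleanly are the next diagnostic steps.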