На сервере (FreeBSD 4.8) настроена фильтрация через IPF
в ядре options IPDIVERT
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
в /etc/rc.conf ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.conf"
в /etc/ipf.conf
#!/usr/bin -Fa -f -
# NOTE(review): to ipf the line above is just a comment, and "/usr/bin" is a
# directory, so it cannot act as an interpreter line.  The file is loaded by
# ipfilter_rules="/etc/ipf.conf" in rc.conf, or by hand with the command below.
#for reconfig ipf enter "ipf -Fa -f <filename>"
#
# How this rule set behaves (ipf semantics: the LAST matching rule wins unless
# a rule says "quick"): the kernel is built with IPFILTER_DEFAULT_BLOCK, so a
# packet that matches no "pass" rule below is dropped silently -- no TCP RST and
# no ICMP port-unreachable goes back.  A UDP port scanner that receives no answer
# at all cannot tell "filtered" from "open", so a UDP scan of this host reports
# ports as open whether or not anything listens on them; that is the filter
# doing its job, not a hole.  If unlisted UDP ports are meant to look "closed"
# instead, an explicit reject is needed, e.g.
#   block return-icmp(port-unr) in proto udp from any to any
# placed before the UDP pass rules below (silent drop is the more common choice).
#counting rules
# ppp0 - external interface
count in on ppp0 all
count out on ppp0 all
# rl0 - internal 1 interface
count in on rl0 all
count out on rl0 all
# loopback: "quick" stops rule processing here for 127.0.0.1 traffic
pass in quick from 127.0.0.1 to 127.0.0.1
pass out quick from 127.0.0.1 to 127.0.0.1
# WARNING(review): the next two rules are stateless and carry no "on" clause, so
# they pass ANY TCP packet, inbound or outbound, on every interface, whose
# DESTINATION port is 1024-65534 ("><" is an exclusive range).  They are what
# lets replies come back -- both replies to connections this host opens and
# replies from the services listed further down (the mirrored
# "pass out ... port = N" lines below do NOT match those replies, see the note
# there).  The side effect is that any daemon bound to a high TCP port (proxy,
# RPC, database, X, passive-FTP data, anything started later) is reachable from
# the Internet, which makes the default-block policy largely cosmetic for that
# range.  The usual replacement is a stateful rule such as
#   pass out quick proto tcp from any to any keep state
# so that replies are matched by state and no inbound high-port pass is needed;
# the inbound rule cannot simply be deleted without first deciding how
# passive-mode FTP data connections to this server are to be handled.
pass in proto tcp from any to any port 1023 >< 65535
pass out proto tcp from any to any port 1023 >< 65535
# ICMP is passed unconditionally in both directions (all types, all sources)
pass in proto icmp all
pass out proto icmp all
#SMTP
# "port = 25" binds to the destination: inbound = mail delivered to this host,
# outbound = mail this host sends.  XXX.XXX.XXX.XXX is the public address
# (anonymised in the post).
pass in proto tcp from any to XXX.XXX.XXX.XXX/32 port = 25
pass out proto tcp from XXX.XXX.XXX.XXX/32 to any port = 25
#DNS
# NOTE(review): these match only packets whose destination port is 53.  Answers
# to queries this host sends out itself (src port 53, dst a high UDP port) match
# no pass rule here, and there is no UDP counterpart of the high-port TCP rule
# above -- verify that name resolution from the server actually works, or add
# "keep state" to the outbound UDP rule.
pass in proto udp from any to XXX.XXX.XXX.XXX/32 port = 53
pass out proto udp from XXX.XXX.XXX.XXX/32 to any port = 53
pass in proto tcp from any to XXX.XXX.XXX.XXX/32 port = 53
pass out proto tcp from XXX.XXX.XXX.XXX/32 to any port = 53
#WEB my_site.ru
pass in proto tcp from any to XXX.XXX.XXX.XXX/32 port = 80
pass out proto tcp from XXX.XXX.XXX.XXX/32 to any port = 80
#FTP
# NOTE(review): 20/21 cover the control connection and active-mode data;
# passive-mode data connections use high ports and currently ride on the
# 1023 >< 65535 rules above.
pass in proto tcp from any to XXX.XXX.XXX.XXX/32 port = 20
pass out proto tcp from XXX.XXX.XXX.XXX/32 to any port = 20
pass in proto tcp from any to XXX.XXX.XXX.XXX/32 port = 21
pass out proto tcp from XXX.XXX.XXX.XXX/32 to any port = 21
#local rules
# 192.168.1.1 is this host on the LAN side; the services are opened only to
# 192.168.1.0/24.  For TCP, each "pass out ... port = N" line matches the server
# CONNECTING TO port N on a LAN host, not the replies of the server's own
# service on port N -- those replies are carried by the high-port TCP rule
# above.  The UDP case has no such fallback: DNS answers from this host to a LAN
# client (src 53, dst a high port) match neither UDP 53 line here and hit the
# default block -- presumably clients resolve over TCP or elsewhere; verify.
# 137/139 = NetBIOS name/session service, 110 = POP3, 3128 presumably a web
# proxy (Squid's default port) -- confirm against what is actually running.
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 3128
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 3128
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 80
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 80
pass in proto udp from 192.168.1.0/24 to 192.168.1.1/32 port = 137
pass out proto udp from 192.168.1.1/32 to 192.168.1.0/24 port = 137
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 139
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 139
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 25
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 25
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 110
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 110
pass in proto udp from 192.168.1.0/24 to 192.168.1.1/32 port = 53
pass out proto udp from 192.168.1.1/32 to 192.168.1.0/24 port = 53
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 53
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 53
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 20
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 20
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 21
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 21
pass in proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 443
pass out proto tcp from 192.168.1.1/32 to 192.168.1.0/24 port = 443
Всё бы хорошо: когда запускаешь #nmap -vv my_site.ru, он сканит TCP-порты и конкретно пишет, какие открыты, а остальные закрыты.
Но когда пускаешь #nmap -vv my_site.ru -sU, он радостно сообщает, что все 1471 UDP-порт открыты!!!!!!! Офигеть! В чём затык?