Mostrando mensaje 1174     < Anterior | Siguiente > Responder a este mensaje Asunto: [glisc] Comprobando configuracion del firewall Fecha: Miercoles, 16 de Abril, 2003  18:47:16 (-0400) Autor: Alfonso Fernandez <afernandez @........bo> Testing of firewall configuration After successful setup of a firewall ruleset it's very recommended to test this setup from outside (and perhaps also from inside). One of the best tools around for that is nmap (http://www.insecure.org/nmap/). If you have need for a commercial auditing, then look e.g. at http://www.aerasec.de/security/services/, they offer different kind of. Local test using netstat Open TCP ports: netstat -lnpt Open UDP ports: netstat -lnpu Local and remote test using nmap See manpage and information on the Internet for details For the search for open TCP ports use: nmap -sS -P0 -p 1-65535 localhost For the search for open UDP ports use: nmap -sU -P0 -p 1-65535 localhost For the search for static packet filter for DNS and active FTP use: nmap -sS -P0 -p 1-65535 -g 20 localhost If you detect open ports, you have no chance for changes other than forbid active FTP nmap -sS -P0 -p 1-65535 -g 53 localhost If you detect open ports, you have a misconfigured port filter setup nmap -sU -P0 -p 1-65535 -g 53 localhost If you detect open ports, you have no chance for changes other than setup specific destination IPv4 addresses for DNS queries, e.g. the same you use as forwarder or in the resolver configuration http://www.bieringer.de/linux/firewalling/testing.html