PF Firewall exceptions

[CrankyUser]

As a total noob to pcbsd ...

I have read a bit of the manual ... on firewalls.

Q1: What are the listed "Exceptions" for? Some services were "unknown." I find that disturbing. Call me crazy but I deleted every exception... Did I disable my firewall?

Q2: In buntu GUFW, the gui FW manager was simple and provided a listening report and notifications... I miss it. Any similar PCBSD apps?

[Weixiong]

Originally Posted by CrankyUser

As a total noob to pcbsd ... I have read a bit of the manual ... on firewalls. Q1: What are the listed "Exceptions" for? Some services were "unknown." I find that disturbing. Call me crazy but I deleted every exception... Did I disable my firewall? Q2: In buntu GUFW, the gui FW manager was simple and provided a listening report and notifications... I miss it. Any similar PCBSD apps?

.
You can drive yourself nuts if you fixate on your firewall logs, watching every random port scan bouncing off your firewall. Because if it's configured correctly that's all they do, and more than likely there's no sign you're even there if it doesn't respond to pings.

As long as you don't have any open ports there's really not much to worry about and if you're behind a router even less so. A scan from the net doesn't reach your machine if you're behind a router, it's scanning your router and most act like a firewall.

The majority of web traffic is carried out on TCP protocol to ports on your machine. HTTP on remote port 80, HTTPS on remote port 443, etc. The exceptions were just generic rules for you to use if you need to and really shouldn't be there if you're not using them, but back to the router argument. You didn't hurt anythng by deleting rules you aren't going to use. Better for now to delete them than set them to block.

That said, I've spent the last week trying to figure out what's wrong with the GUI on this one and finally figured it out today. The powers that be will be looking into it and for right now I wouldn't worry if I were you, as long as you aren't conecting to the net by dialup or running a server.

I do commend you on wanting to learn about them though, but it's too vast a subject to fully explain here. If you want to learn about this one read up on the OpenBSD pf firewall.

P.S. The "unknown" section you were worried about covers ports in the range of 49152-65535 and is where services such as HTTP connect to UNIX boxes. It's referred to as unknown because of the different services that could be using those ports to connect to your machine.