Locking Down Your Firewall
Scan your firewall
Portscan from the Outside:
From a machine outside your network, scan your firewall.
# nmap -sS -O 172.24.24.61
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-04-03 20:33 CDT
Warning: OS detection will be MUCH less reliable because
we did not find at least 1 open and 1 closed TCP port
Interesting ports on firewall (24.243.0.221):
(The 1662 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
Too many fingerprints match this host to give specific OS details
Nmap finished: 1 IP address (1 host up) scanned in 31.835 seconds
Only a closed auth service is even visible. However, some may still want to
block even ICMP (ping) packets.
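A check you can rerun after every rule change, added here as an example (it is not part of the original slides): it reads saved nmap output on stdin and fails if any port is open that is not on the list of ports you meant to expose. The function names and the second sample scan are constructed for illustration.

```shell
#!/bin/sh
# audit_scan ALLOWED...   (nmap normal output on stdin)
# Prints one line per open or closed port row. Exit status is 1 if any
# port is open and not listed in ALLOWED (for example "25/tcp").
audit_scan() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            bad = 0
        }
        # Port table rows look like "113/tcp closed auth".
        $1 ~ /^[0-9]+\/(tcp|udp)$/ {
            port = $1; state = $2; svc = $3
            if (state ~ /^open/ && !(port in ok)) {
                printf "UNEXPECTED %s %s (%s)\n", port, state, svc
                bad = 1
            } else if (state ~ /^open/) {
                printf "ALLOWED    %s %s (%s)\n", port, state, svc
            } else if (state == "closed") {
                # closed: the host answered, so the port is visible
                printf "VISIBLE    %s %s (%s)\n", port, state, svc
            }
        }
        END { exit bad }
    '
}

# The port table from the scan shown on this page.
page_scan() {
    cat <<'EOF'
Interesting ports on firewall (24.243.0.221):
(The 1662 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
EOF
}

# Constructed sample: one intended port plus one that should not be open.
leaky_scan() {
    cat <<'EOF'
PORT STATE SERVICE
25/tcp open smtp
113/tcp closed auth
3306/tcp open mysql
EOF
}

page_scan | audit_scan && echo "page scan: nothing unexpected is open"
leaky_scan | audit_scan 25/tcp || echo "leaky scan: unexpected open port"
```

Against a real scan, save the output with nmap's `-oN` option and feed that file to `audit_scan` with the ports you intend to expose.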
You may also want to do Destination Network Address Translation (DNAT) or port forwarding.
To do either of these, we need to edit our firewall script, the /etc/firewall.rules file.