IPFW urgent Help!! Have a hacker, Hack ME

There are others more expert than me, but a starting point:

Unplug all network cables first.
Back up your data.
Reinstall the system, preferably on a new disk.
Using pf, with /etc/pf.conf containing:
block drop in all
pass out all keep state

Enable pf in rc.conf.

That ruleset blocks all inbound connections that originate from the outside and allows all connections originating from your machine out.
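The post above gives the ruleset and the "enable pf in rc.conf" step in prose. Here is the same procedure as a shell script run as root on the console, an added example and not the poster's own file. It assumes the outside interface is em0 (override with EXT_IF=...) and adds three things the two rules do not cover, each marked as an addition in the file it writes: a loopback skip, a rule letting DHCP server replies in, and a commented-out rule for sshd on port 22. One caveat worth knowing before reading the next reply: pf's block-policy defaults to drop, so `block in all` and `block drop in all` load as the same rule.

```sh
#!/bin/sh
# Added example (not from the post): the two-line starting ruleset turned
# into a /etc/pf.conf that is written, syntax-checked and enabled in one go.
# Assumptions: the outside interface is em0 (override with EXT_IF=...),
# and sshd on port 22 is the first service you may later want to expose.

EXT_IF="${EXT_IF:-em0}"

# render_pf_conf IFACE
# Prints the ruleset on stdout. The two rules from the post are kept as
# written; everything else is marked as an addition.
render_pf_conf() {
    _if="$1"
    cat <<EOF
ext_if = "${_if}"

# Addition: never filter loopback, or local daemons talking to 127.0.0.1 break.
set skip on lo0

# Addition: blocked packets are dropped silently. This is already the default,
# so "block in all" and "block drop in all" mean the same thing.
set block-policy drop

# The two rules from the post: nothing unsolicited comes in; anything this
# host starts gets its replies back through the state entry.
block in all
pass out all keep state

# Addition: a DHCP client on \$ext_if needs the server's reply (udp 67 -> 68).
pass in on \$ext_if inet proto udp from any port 67 to any port 68

# Addition, left disabled: open one service on purpose, once it is configured.
# pass in on \$ext_if inet proto tcp from any to (\$ext_if) port 22
EOF
}

# install_pf_conf IFACE
# Writes the file, checks it with pfctl -n (parse only, load nothing), then
# enables pf in rc.conf and starts it. Do this at the console: with
# "block in all" and no ssh rule, the ssh session you run it from is cut off.
install_pf_conf() {
    render_pf_conf "$1" > /etc/pf.conf || return 1
    if ! pfctl -nf /etc/pf.conf; then
        echo "/etc/pf.conf does not parse; pf left disabled" >&2
        return 1
    fi
    sysrc pf_enable=YES >/dev/null      # the "enable pf in rc.conf" step
    service pf start
    pfctl -sr                           # print the rules pf actually loaded
}

# Only touch the system when explicitly asked: sh thisfile.sh install
if [ "${1:-}" = "install" ]; then
    install_pf_conf "$EXT_IF"
fi
```

Running the script without arguments only defines the functions; `sh thisfile.sh install` writes and loads the file. `pfctl -nf` is the check that matters: a typo in pf.conf otherwise leaves you with no firewall at all rather than a strict one.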
 
block drop in all
pass out all keep state
This should be:
Code:
block in all
pass out all keep state

That's the rule I start out with. I can go days after finishing a new build without any worry whatsoever.
The one that appears in my tutorial is the one I use once I get around to editing files:

 
Please help
Answer some of the questions we have so we can provide better help.

Please post the output from uname -a. I would also like to know how you found out that your system was crashed and rebooted by a hacker. Is it possible it just crashed due to other reasons? Why are you asking for urgent help now when you had the problem a year ago?
 
This may be a good opportunity for OP to re-install the system from scratch, and include first setting up the firewall, and then everything else. It's easier to fine-tune the firewall that way, because errors can be isolated to a specific rule or an application's .conf file. I generally preach the idea that first, you make an app behave via its own .conf file, and then let the firewall do the rest of the enforcement.
 
I have the lines below in my /etc/rc.conf:
Code:
firewall_enable="yes"
firewall_type="workstation"
The configuration is maintained by people who have more knowledge than I have.
 
I have the lines below in my /etc/rc.conf:
Code:
firewall_enable="yes"
firewall_type="workstation"
The configuration is maintained by people who have more knowledge than I have.
That default configuration gives you:
default deny in
default allow out from host

so connections originating from outside and trying to terminate at your workstation (someone trying to ssh/telnet to your workstation) are simply dropped, and anything your workstation originates (say, you doing a DNS lookup for google.com) is allowed.
A reasonably secure posture, so yes, a very good starting point.
But I refer back to posts #3 and #12.
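For the ipfw side of the thread (the title says IPFW), this is what that rc.conf profile looks like once the two variables rc.firewall reads for the workstation type are filled in. It is an added example, not the poster's own rc.conf; sshd on 22/tcp and the admin address 192.0.2.10 are assumptions, and the weak setting is shown commented out beside the corrected one:

```sh
# /etc/rc.conf fragment. Added example, not the poster's file: the two lines
# from the post plus the variables rc.firewall(8) reads for the workstation
# profile. The service (sshd) and the client address are assumptions.
firewall_enable="YES"
firewall_type="workstation"

# Ports this host deliberately offers, as port/proto. Leave empty and the
# profile stays at "default deny in": nothing is reachable from outside.
firewall_myservices="22/tcp"

# Who may reach firewall_myservices. Weak setting: "any" publishes sshd to the
# whole Internet. Corrected: one admin address (or network), everyone else is
# still dropped. (192.0.2.10 is a documentation address; use your own.)
#firewall_allowservices="any"
firewall_allowservices="192.0.2.10"

# Log what the default deny drops (ipfw needs verbose mode for "log" rules
# to do anything). Then "someone is hacking me" can be checked in
# /var/log/security instead of guessed.
firewall_logging="YES"
firewall_logdeny="YES"
```

After editing, `service ipfw start` loads the profile and `ipfw list` shows the rules rc.firewall generated from it. Do this at the console: a mistake in firewall_allowservices drops the ssh session you started it from.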
 
This should be:
Code:
block in all
pass out all keep state

That's the rule I start out with. I can go days after finishing a new build without any worry whatsoever.
The one that appears in my tutorial is the one I use once I get around to editing files:

Hi, block in all: my system's DHCP can't get an IP? Please help.
 
Hacker crashed my system and rebooted my system!!

You are an expert, can you let me see your settings?

Evil hackers hacked my system. Can you all send me your IP addresses, usernames and passwords please, so I can check your settings and choose the best configuration?

Ohhhhhh, if you are using SSL-based authentication, please add my pub id to your systems so I don't have connection problems.
Ohhhhhh 2: also add my IP to your firewall so I don't have connection problems.
 