From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "Kevin Curran", freebsd-questions@freebsd.org
Date: Wed, 16 Jun 2004 10:35:24 -0400
Subject: RE: Are 4 IPFW rules enough?

Boy are you naïve. If firewall protection was that simple everybody would be doing it your way.

I have just completed my final draft of the complete rewrite of the FBSD handbook firewall section. Here is the URL where you can access it.

www.a1poweruser.com/FBSD_firewall/

Give it a read and learn about all your FBSD firewall options.

-----Original Message-----
From: Kevin Curran
Sent: Monday, June 14, 2004 9:12 PM
To: freebsd-questions@freebsd.org
Subject: Are 4 IPFW rules enough?

I have a cable modem and I'm using 4.9 as a NAT router for my home network. I have 4 rules in my ipfw config. The first enables NAT and the last is 65000 allow any to any. In between I have 2 rules to deny access to ports 53 and 110 on the Internet side. That's all.

Here's my thinking: I use inetd.conf to enable only the services I want, therefore the ports on which those services are listening I would want open. The two other ports I want to filter on the WAN side are filtered by the rules above. All the other ports are closed, anyway, so why spend time debugging an elaborate rule set?
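As an added example, not code from either poster: the four-rule, default-allow layout described in the question, written out beside a default-deny alternative in the style of the FreeBSD 4.x /etc/rc.firewall "simple" ruleset. The outside interface name fxp0, the rule numbers, the SERVICES variable and the echo-based dry run are assumptions; the script prints the ipfw commands rather than loading them unless FWCMD is set to /sbin/ipfw.

```shell
#!/bin/sh
# Constructed example, not code from either poster. Rule numbers and the
# outside interface name are assumptions; FWCMD=/sbin/ipfw loads for real.
fwcmd="${FWCMD:-echo ipfw}"   # default: print the commands instead of loading them
oif="${OIF:-fxp0}"            # assumed cable-modem (outside) interface

# The four rules as described: NAT, two denies, then allow everything.
# Any daemon inetd (or anything else) listens on is reachable from outside.
kevin_ruleset() {
    $fwcmd add 00050 divert natd all from any to any via "$oif"
    $fwcmd add 00100 deny tcp from any to any 110 in via "$oif"
    $fwcmd add 00200 deny udp from any to any 53 in via "$oif"
    $fwcmd add 65000 allow ip from any to any
}

# Default-deny alternative (stateless, so it does not fight with natd):
# only replies to outbound traffic and the TCP ports listed in SERVICES
# get in; every other inbound connection attempt is logged and dropped.
default_deny_ruleset() {
    $fwcmd add 00050 divert natd all from any to any via "$oif"
    $fwcmd add 00100 allow ip from any to any via lo0
    $fwcmd add 00110 deny ip from any to 127.0.0.0/8
    $fwcmd add 00120 deny ip from 127.0.0.0/8 to any
    # private-address sources never legitimately arrive from the Internet
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $fwcmd add 00200 deny ip from "$net" to any in via "$oif"
    done
    # packets of TCP sessions that already completed their handshake
    $fwcmd add 00300 allow tcp from any to any established
    # explicitly exposed services only (SERVICES="22 25"; empty = none)
    n=400
    for port in ${SERVICES:-}; do
        $fwcmd add "00$n" allow tcp from any to any "$port" in via "$oif" setup
        n=$((n + 1))
    done
    $fwcmd add 00500 deny log tcp from any to any in via "$oif" setup
    $fwcmd add 00510 allow tcp from any to any setup
    # DNS answers to queries the LAN sent out, and the queries themselves
    $fwcmd add 00600 allow udp from any 53 to any in via "$oif"
    $fwcmd add 00610 allow udp from any to any 53 out via "$oif"
    $fwcmd add 00700 allow icmp from any to any icmptypes 0,3,11
    $fwcmd add 65000 deny log ip from any to any
}

"$@"   # usage: sh ipfw-rules.sh default_deny_ruleset
```

The difference that matters is the last rule: in the first set everything not named is allowed in, in the second everything not named is logged and dropped, so a forgotten inetd entry is exposed in one and invisible in the other.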