From owner-freebsd-questions Wed Mar 6 3:29:16 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (oe12.law11.hotmail.com [64.4.16.116]) by hub.freebsd.org (Postfix) with ESMTP id 4CD0237B41C for ; Wed, 6 Mar 2002 03:29:06 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 6 Mar 2002 03:29:06 -0800
X-Originating-IP: [65.217.191.106]
From: "Larry Cronin (Hotmail)"
To:
Subject: IPF Rule set questions
Date: Wed, 6 Mar 2002 06:29:12 -0500
Message-ID:
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I am having some issues with my Internet being very slow. I am currently, with the help of this list, sorting it out. Could anyone tell me if this rule set looks OK?

#################################
#       Outside Interface       #
#################################
# This segment allows out all TCP, UDP, and ICMP traffic & keeps state
# on it so it will allow it back in.

pass out quick on xl1 proto tcp from any to any keep state
pass out quick on xl1 proto udp from any to any keep state
pass out quick on xl1 proto icmp from any to any keep state
block out quick on xl1 all

# This segment allows Mail traffic to the Exchange Server
# The server is a single host, so the mask is /32. ipf ANDs the address
# with the mask before matching, so xxx.yyy.zzz.10/24 would have opened
# these ports to every host in xxx.yyy.zzz.0/24, not just the server.
# "flags S" creates the state entry only on the initial SYN.

pass in quick on xl1 proto tcp from any to xxx.yyy.zzz.10/32 port = 25 flags S keep state
pass in quick on xl1 proto tcp from any to xxx.yyy.zzz.10/32 port = 110 flags S keep state

# This segment blocks and logs all remaining traffic coming into the firewall
# It blocks TCP with a RST (to make it appear as if the service isn't listening)
# It blocks UDP with an ICMP port unreachable (to make it appear as if the
# service isn't listening)
# It blocks all remaining traffic

block return-rst in log quick on xl1 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl1 proto udp from any to any
block in log quick on xl1 all

#################################
#       Inside Interface        #
#################################
# This segment allows out all TCP, UDP, and ICMP traffic and keeps state

pass out quick on xl0 proto tcp from any to any keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state
block out quick on xl0 all

# This segment allows in all TCP, UDP, and ICMP traffic and keeps state

pass in quick on xl0 proto tcp from any to any keep state
pass in quick on xl0 proto udp from any to any keep state
pass in quick on xl0 proto icmp from any to any keep state
block in quick on xl0 all

#################################
#      Loopback Interface       #
#################################
# This segment allows everything to/from your loopback interface so you can
# ping yourself (e.g. ping localhost)

pass in quick on lo0 all
pass out quick on lo0 all

# END OF FILE

Thanks

Larry
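The following is an added example, not part of Larry's message and not code from the FreeBSD or IPFilter projects. It is a small Python linter for the one real permission bug a rule set like the one posted can carry: a destination written as host/24 (xxx.yyy.zzz.10/24 in the original mail rules). ipf ANDs the address with the mask before matching, so such a "single server" pass rule actually admits the whole /24. The sample rules below are constructed from the outside-interface section of the post, with the documentation address 192.0.2.10 standing in for the redacted xxx.yyy.zzz.10; the function names are the example's own.

```python
"""Lint an IPFilter (ipf) rule set for CIDR literals whose host bits exceed the
mask.  ipf ANDs the address with the mask before matching, so a pass rule for
192.0.2.10/24 silently admits traffic to every host in 192.0.2.0/24."""
import ipaddress
import re

# Constructed sample: the outside-interface rules from the post, with the
# documentation address 192.0.2.10 standing in for the redacted xxx.yyy.zzz.10.
SAMPLE_RULES = """\
pass out quick on xl1 proto tcp from any to any keep state
pass out quick on xl1 proto udp from any to any keep state
pass out quick on xl1 proto icmp from any to any keep state
block out quick on xl1 all
# mail to the Exchange server
pass in quick on xl1 proto tcp from any to 192.0.2.10/24 port = 25 keep state
pass in quick on xl1 proto tcp from any to 192.0.2.10/24 port = 110 keep state
block return-rst in log quick on xl1 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl1 proto udp from any to any
block in log quick on xl1 all
"""

# dotted-quad/prefix literal as it appears in ipf "from"/"to" clauses
ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\b")


def effective_network(addr: str, plen: str) -> ipaddress.IPv4Network:
    """What ipf actually matches: the literal with its host bits cleared."""
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def widened_rules(rules: str):
    """Return (line_no, rule, literal, effective_network) for each pass rule
    containing a literal with host bits set beyond its mask.  Only pass rules
    are reported: a widened block rule over-blocks, a widened pass rule
    over-permits, and the latter is the security problem."""
    findings = []
    for n, line in enumerate(rules.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()
        if not rule.startswith("pass"):
            continue
        for addr, plen in ADDR_RE.findall(rule):
            net = effective_network(addr, plen)
            if str(net.network_address) != addr:
                findings.append((n, rule, f"{addr}/{plen}", str(net)))
    return findings


def fixed_rules(rules: str) -> str:
    """Rewrite each widened literal in a pass rule to a /32 host match, which
    is what a rule naming a single server intends.  Comments are preserved."""
    def to_host(m: re.Match) -> str:
        addr, plen = m.group(1), m.group(2)
        net = effective_network(addr, plen)
        return m.group(0) if str(net.network_address) == addr else f"{addr}/32"

    out = []
    for line in rules.splitlines():
        rule, sep, comment = line.partition("#")
        if rule.strip().startswith("pass"):
            rule = ADDR_RE.sub(to_host, rule)
        out.append(rule + sep + comment)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for n, rule, literal, net in widened_rules(SAMPLE_RULES):
        print(f"line {n}: {literal} matches all of {net}: {rule}")
    print(fixed_rules(SAMPLE_RULES), end="")
```

Run it over a copy of /etc/ipf.rules (read the file into `widened_rules`) before loading the set with `ipf -Fa -f`; every line it reports is a pass rule whose reach is wider than the address written in it, and `fixed_rules` shows the /32 form that matches only the host named.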