Date: Sun, 28 Nov 2004 14:41:29 +0000 From: Jonathon McKitrick <jcm@FreeBSD-uk.eu.org> To: freebsd-ipfw@freebsd.org Subject: Fwd: Is this a hole in my firewall? Message-ID: <20041128144129.GA20832@dogma.freebsd-uk.eu.org>
next in thread | raw e-mail | index | archive | help
Here are my rules: root@neptune:~# ipfw show 00100 0 0 check-state 00200 2 144 allow ip from me to any keep-state out xmit tun0 00300 0 0 allow ip from any to any keep-state out xmit tun0 00400 0 0 deny tcp from any to any in recv tun0 established 00500 0 0 allow ip from any to any via vr0 00600 0 0 allow ip from any to any via lo0 00700 0 0 deny ip from any to 127.0.0.0/8 00800 0 0 deny ip from 127.0.0.0/8 to any 00900 0 0 allow tcp from any to me 22 keep-state in recv vr0 setup 01000 0 0 allow icmp from any to any via tun0 icmptype 0,3,8,11,12 01100 0 0 deny log logamount 100 ip from any to any 65535 0 0 deny ip from any to any I added rule 300 so that my laptop on my wireless network can connect, ping, and get DNS and DHCP. Is there a better way to specify this? jm --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041128144129.GA20832>