From owner-freebsd-questions Sun May 10 13:43:37 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id NAA08831
        for freebsd-questions-outgoing; Sun, 10 May 1998 13:43:37 -0700 (PDT)
        (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA08812
        for ; Sun, 10 May 1998 13:43:11 -0700 (PDT)
        (envelope-from mike@sentex.net)
Received: from ospf-mdt.sentex.net (ospf-mdt.sentex.net [205.211.164.81])
        by granite.sentex.net (8.8.6/8.6.9) with SMTP id QAA06710;
        Sun, 10 May 1998 16:42:49 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: capriotti@geocities.com (Capriotti)
Cc: questions@FreeBSD.ORG
Subject: Re: IPFW Rules
Date: Sun, 10 May 1998 20:45:26 GMT
Message-ID: <35560f9c.335533641@mail.sentex.net>
References: <3.0.32.19980510143332.0092ea30@pop.mpc.com.br>
In-Reply-To: <3.0.32.19980510143332.0092ea30@pop.mpc.com.br>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 10 May 1998 14:52:04 -0300, in sentex.lists.freebsd.questions you
wrote:

>I am trying to set up IPFW rules to match my needs, but, so far, all the
>documentation, handbooks, and searches using fbsd's archives were not very
>helpful; I still can't understand how to set up rules.

The sample in /etc/rc.firewall is very comprehensive.. Here are some
samples...

e.g. to stop spoofing, assuming your outside interface is fxp0 and your
internal network is 192.168.100.0/24 the command below would stop spoofed
packets

    /sbin/ipfw add 1100 deny log all from 192.168.100.0:255.255.255.0 to any in via fxp0

To stop ICMP Echo

    /sbin/ipfw add 2000 deny log icmp from any to 199.212.134.0/24 in recv fxp0 icmptype 0,8

To stop mail from a SPAMMER's class C (Harris Marketing)

    ipfw add 3001 unreach filter-prohib log tcp from 208.26.102.0:255.255.255.0 to any 25 in recv fxp0

If you are experimenting for the first time, do it on the console, as the
wrong command can lock out network access...

        ---Mike
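
Added example, not part of Mike's message and not FreeBSD code: a simplified Python model of ipfw's first-match evaluation, loaded with the three rules above, for checking what a ruleset does to sample packets before typing it on a live box. The final allow rule, the fxp1 inside interface and every packet are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                      # only the fields these three rules test
    proto: str                     # "tcp", "udp" or "icmp"
    src: str
    dst: str
    iface: str                     # interface the packet arrived on
    dport: Optional[int] = None
    icmptype: Optional[int] = None

# (number, action, proto, src, dst, dst port, "in" interface, icmp types)
RULES = [
    (1100, "deny", "all", "192.168.100.0:255.255.255.0", "any", None, "fxp0", None),
    (2000, "deny", "icmp", "any", "199.212.134.0/24", None, "fxp0", (0, 8)),
    (3001, "unreach filter-prohib", "tcp", "208.26.102.0:255.255.255.0", "any", 25, "fxp0", None),
    # Assumption: a final allow-everything rule, so only the rules above filter.
    (65535, "allow", "all", "any", "any", None, None, None),
]

def addr_match(spec, ip):
    """Match 'any', addr:mask or addr/bits (both spellings appear in the message)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec.replace(":", "/"))

def evaluate(pkt, rules=RULES):
    """Return (number, action) of the first rule matching an inbound packet."""
    for num, action, proto, src, dst, dport, iface, types in sorted(rules, key=lambda r: r[0]):
        if proto not in ("all", pkt.proto):
            continue
        if iface is not None and pkt.iface != iface:
            continue
        if not (addr_match(src, pkt.src) and addr_match(dst, pkt.dst)):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        if types is not None and pkt.icmptype not in types:
            continue
        return num, action
    return None

if __name__ == "__main__":
    # Constructed packets: inside source seen on the outside vs. inside interface.
    for iface in ("fxp0", "fxp1"):
        print(iface, evaluate(Packet("tcp", "192.168.100.7", "199.212.134.10", iface, dport=80)))
```

The model covers only the match fields these three rules use and treats every packet as inbound; it does not model logging, outbound traffic or any other ipfw option.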