Date: Tue, 16 Jul 2002 18:46:38 -0400
From: "Mark D" <markd@cogeco.ca>
To: <freebsd-security@freebsd.org>
Subject: ipfw and its glory...
Message-ID: <000101c22d1a$a54d6e70$6401a8c0@promethium>
Hello,

First, I hope this is appropriate for this list; if not, I'll gladly repost. I thought this could be a freebsd-questions question, but hey, I took a chance.

Alright, here we go... I plan to run http, ftp, ssh, smtp, and pop on a LAN box (I'm going to treat it as a real box, just so I can be ready for when I do this in the future). I'd like http, ftp, pop, and smtp to be open to anyone, and ssh connections to be allowed only when I add the rule (to allow that specific host). I've read the man pages on ipfw and some other documents but am still confused.

Here is what I've put together so far (go easy on me):

    allow ip from trusted-ip-addy-1 to any
    allow ip from trusted-ip-addy-2 to any
    allow log tcp from any to any established
    allow log tcp from trusted-ip-addy-1 to any 22 in setup
    allow log udp from internal-addy to any 53
    allow log udp from any 53 to internal-addy
    # smtp is port 25 (the posted list read 15)
    allow log tcp from any to internal-addy 80,21,110,25 setup
    # default rule
    65535 deny ip from any to any

So... I'm not sure if that is the best approach (maybe adding a 'check-state' here and an 'established' there ;p), but I'm hoping the subscribers of this list could give me some insight on securing it properly and only allowing in/out what I've specified above.

I thank you in advance.

- Mark D

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000101c22d1a$a54d6e70$6401a8c0>
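As an added illustration (not part of Mark's message, of any reply in the thread, or of ipfw itself), the following Python models ipfw's first-match evaluation for the subset of syntax used in the post and runs both the posted ruleset and a stateful variant against constructed packets. The host names (trusted-1, trusted-2, lanbox, attacker, client, mailhost, resolver), the rule numbers, and the traffic are all placeholders chosen for this example, and the port list is written as 80,21,110,25 on the assumption that the posted 15 was a typo for smtp's 25. Three things visible in the posted rules come out of the run: the leading `allow ip from trusted-… to any` rules match first, so the dedicated ssh rule for trusted-1 is never reached; `established` matches any TCP packet with ACK or RST set, with no state kept, so a bare ACK to port 22 from anywhere is allowed; and no rule allows the box to originate a TCP connection, so an outbound SYN (for example to a mail relay on port 25) falls to the default deny. The check-state/keep-state variant closes the first two gaps and adds an explicit outbound rule.

```python
# Toy first-match evaluator for the ipfw(8) subset used in the post (an added
# example, not part of the message or of ipfw). It models rule order, port lists,
# in/out, setup, established and a simplified check-state/keep-state, nothing
# else: no CIDR masks, no 'me', no fragments, no implicit check-state, no expiry.
from collections import namedtuple

OPTIONS = {"in", "out", "setup", "established", "keep-state"}
Packet = namedtuple("Packet", "proto src sport dst dport direction syn ack rst",
                    defaults=(False, False, False))  # direction: "in"/"out" at host
Rule = namedtuple("Rule", "num action proto src sports dst dports opts")

def parse_ports(spec):  # '80,21,110,25' or '1024-65535' -> set of ports
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_rule(line):
    """NUM action [log] proto from SRC [ports] to DST [ports] [options]"""
    t = line.split()
    num, action = int(t[0]), t[1]
    if action == "check-state":
        return Rule(num, action, "ip", "any", None, "any", None, set())
    i = 3 if t[2] == "log" else 2            # 'log' does not affect matching
    proto, src, i = t[i], t[i + 2], i + 3    # t[i + 1] is the keyword 'from'
    sports = dports = None
    if t[i] != "to":
        sports, i = parse_ports(t[i]), i + 1
    dst, i = t[i + 1], i + 2                 # t[i] is the keyword 'to'
    if i < len(t) and t[i] not in OPTIONS:
        dports, i = parse_ports(t[i]), i + 1
    return Rule(num, action, proto, src, sports, dst, dports, set(t[i:]))

def matches(r, p):  # static match: protocol, addresses, ports, direction, flags
    tcp = p.proto == "tcp"
    return (r.proto in ("ip", p.proto)
            and r.src in ("any", p.src) and r.dst in ("any", p.dst)
            and (r.sports is None or p.sport in r.sports)
            and (r.dports is None or p.dport in r.dports)
            and ("in" not in r.opts or p.direction == "in")
            and ("out" not in r.opts or p.direction == "out")
            # setup = SYN without ACK; established = ACK or RST, no state kept
            and ("setup" not in r.opts or (tcp and p.syn and not p.ack))
            and ("established" not in r.opts or (tcp and (p.ack or p.rst))))

class Firewall:
    def __init__(self, ruleset):
        self.rules = [parse_rule(l) for l in map(str.strip, ruleset.splitlines())
                      if l and not l.startswith("#")]
        self.state = {}  # 5-tuple -> action of the keep-state rule that made it

    def evaluate(self, p):  # first match wins; unmatched -> default rule 65535
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        for r in self.rules:
            if r.action == "check-state":          # dynamic entries, both ways
                for key in (fwd, rev):
                    if key in self.state:
                        return r.num, self.state[key]
            elif matches(r, p):
                if "keep-state" in r.opts:
                    self.state[fwd] = r.action
                return r.num, r.action
        return 65535, "deny"

# Mark's rules as posted, numbered, with the posted 15 read as smtp's 25.
POSTED = """
100 allow ip from trusted-1 to any
200 allow ip from trusted-2 to any
300 allow log tcp from any to any established
400 allow log tcp from trusted-1 to any 22 setup in
500 allow log udp from lanbox to any 53
600 allow log udp from any 53 to lanbox
700 allow log tcp from any to lanbox 80,21,110,25 setup in
65535 deny ip from any to any
"""
# Stateful variant suggested by this example (default 65535 deny is implied).
STATEFUL = """
100 check-state
200 allow tcp from trusted-1 to lanbox 22 setup in keep-state
300 allow udp from lanbox to any 53 out keep-state
400 allow tcp from any to lanbox 80,21,110,25 setup in keep-state
500 allow tcp from lanbox to any setup out keep-state
"""
# Constructed traffic, evaluated in this order (replies follow their requests).
SCENARIOS = [
    ("ssh_syn_untrusted", Packet("tcp", "attacker", 40000, "lanbox", 22, "in", syn=True)),
    ("ssh_syn_trusted1", Packet("tcp", "trusted-1", 40000, "lanbox", 22, "in", syn=True)),
    ("http_syn_in", Packet("tcp", "client", 50000, "lanbox", 80, "in", syn=True)),
    ("http_synack_out", Packet("tcp", "lanbox", 80, "client", 50000, "out", syn=True, ack=True)),
    ("ack_scan_ssh", Packet("tcp", "attacker", 40001, "lanbox", 22, "in", ack=True)),
    ("smtp_syn_out", Packet("tcp", "lanbox", 51000, "mailhost", 25, "out", syn=True)),
    ("dns_query_out", Packet("udp", "lanbox", 5353, "resolver", 53, "out")),
    ("dns_reply_in", Packet("udp", "resolver", 53, "lanbox", 5353, "in")),
]

def run(ruleset):  # scenario name -> (matching rule number, action)
    fw = Firewall(ruleset)
    return {name: fw.evaluate(p) for name, p in SCENARIOS}
```

`run(POSTED)` reports `ack_scan_ssh` allowed by rule 300 and `smtp_syn_out` denied by 65535, while `run(STATEFUL)` denies the bare ACK and allows the outbound SYN through rule 500, with both the HTTP SYN/ACK and the DNS reply admitted by the check-state rule because the matching request created a dynamic entry first. The simulator deliberately leaves out ipfw features the post does not use (address masks, `me`, `via`, fragment handling, dynamic-rule timeouts), so it is a reasoning aid for rule order and flag semantics rather than a substitute for testing the real ruleset.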