Date: Sun, 6 Aug 2000 13:25:04 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: whitehat@home.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw woes
Message-ID: <20000806132504.A47129@184.215.6.64.reflexcom.com>
In-Reply-To: <398D86E7.96155C72@home.com>; from whitehat@home.com on Sun, Aug 06, 2000 at 08:40:23AM -0700
References: <398D86E7.96155C72@home.com>

On Sun, Aug 06, 2000 at 08:40:23AM -0700, whitehat@home.com wrote:
> Hi..let me start by saying I have "RTFM" and looked for examples, but
> none of them helped much. So any help you can provide will be much
> appreciated. Here goes...
>
> This is my first experience with ipfw, and I have struggled with rules
> ever since day one. X will not start, IRC will not work, etc. My ideal
> setup is this: Deny by default, Allow X server connections by
> localhost,

You probably want to pass all traffic from localhost to localhost,

  add 100 pass all from any to any via lo0
  add 200 deny log all from any to 127.0.0.0/8

> allow all internet traffic from ed0 to my ISP (I use a cable
> modem),

  add pass ip from <your IP> to any out via ed0 keep-state

And have a check-state rule somewhere else.

> allow IRC traffic, allow HTTP,

Allow these in? Yuk, but OK,

  add pass tcp from any to <your IP> 80 in via ed0
  add pass tcp from any to <your IP> 194 in via ed0

Actually, you probably need some other open ports to get IRC
working. I've never set one up, so I dunno more.

> and block everything else. If
> someone could direct me towards an example ruleset that would do that, I
> would be EXTREMELY grateful.

Have you looked at the /etc/rc.firewall on your system yet?
-- 
Crist J. Clark                           cjclark@alum.mit.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000806132504.A47129>
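
The rules suggested in the reply above, put in order in one ipfw rules file, as an added example that is not part of the original message. The rule numbers above 200, the function names, the constructed address 192.0.2.10 and the explicit final "deny log" rule are assumptions; the inbound port list is a parameter so further IRC ports can be appended.

```shell
#!/bin/sh
# Added example: prints an ipfw rules file built from the rules in the reply.
# Rule numbers above 200, the function names and 192.0.2.10 are assumptions.

is_ipv4() {
    # Accept a dotted quad only, each octet 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

build_ruleset() {
    # usage: build_ruleset <your IP> <interface> [inbound tcp port ...]
    [ $# -ge 2 ] || return 2
    ip=$1; ifc=$2
    shift 2
    # Validate everything before printing, so a bad value yields no partial file.
    is_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Loopback rules first, exactly as given in the reply.
    echo "add 100 pass all from any to any via lo0"
    echo "add 200 deny log all from any to 127.0.0.0/8"
    # check-state goes ahead of the keep-state rule that creates the state,
    # so packets of established flows match here and stop.
    echo "add 300 check-state"
    echo "add 400 pass ip from $ip to any out via $ifc keep-state"
    # One inbound rule per listening port (80 and 194 in the reply).
    n=500
    for p in "$@"; do
        echo "add $n pass tcp from any to $ip $p in via $ifc"
        n=$((n + 100))
    done
    # Explicit catch-all so everything else is dropped and logged.
    echo "add 65000 deny log all from any to any"
}

# Constructed sample values; replace with your own address and interface.
build_ruleset 192.0.2.10 ed0 80 194
```

The output uses the same `add ...` form as the rules in the reply, which ipfw reads when given the file's full pathname as its argument.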