Date: Sun, 6 Aug 2000 13:25:04 -0700
From: "Crist J . Clark"
To: whitehat@home.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw woes
Message-ID: <20000806132504.A47129@184.215.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <398D86E7.96155C72@home.com>
In-Reply-To: <398D86E7.96155C72@home.com>; from whitehat@home.com on Sun, Aug 06, 2000 at 08:40:23AM -0700
X-Mailer: Mutt 1.0i

On Sun, Aug 06, 2000 at 08:40:23AM -0700, whitehat@home.com wrote:
> Hi..let me start by saying I have "RTFM" and looked for examples, but
> none of them helped much. So any help you can provide will be much
> appreciated. Here goes...
>
> This is my first experience with ipfw, and I have struggled with rules
> ever since day one. X will not start, IRC will not work, etc. My ideal
> setup is this: Deny by default, Allow X server connections by
> localhost,

You probably want to pass all traffic from localhost to localhost,

  add 100 pass all from any to any via lo0
  add 200 deny log all from any to 127.0.0.0/8

> allow all internet traffic from ed0 to my ISP (i use a cable
> modem),

  add pass ip from to any out via ed0 keep-state

And have a check-state rule somewhere else.

> allow IRC traffic, allow HTTP,

Allow these in? Yuk, but OK,

  add pass tcp from any to 80 in via ed0
  add pass tcp from any to 194 in via ed0

Actually, you probably need some other open ports to get IRC working.
I've never set one up, so I dunno more.

> and block everything else. If
> someone could direct me towards an example ruleset that would do that, I
> would be EXTREMELY grateful.

Have you looked at the /etc/rc.firewall on your system yet?
-- 
Crist J. Clark                           cjclark@alum.mit.com
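The reply above gives the rules one at a time; the following is an added example, written for this page and not taken from the thread or from FreeBSD's own /etc/rc.firewall, that assembles them into a complete deny-by-default ruleset in the shell style rc.firewall uses. Everything the thread left unstated is an assumption here: the outside interface is ed0, its address is whatever MY_IP holds (192.0.2.10 is a placeholder), and the host runs an HTTP server on 80 and an IRC server on 194. As in the reply, any further ports an IRC server may need are not opened. By default the script only prints the ipfw commands; set FWCMD=/sbin/ipfw to load them.

```sh
#!/bin/sh
# Added example: a deny-by-default ipfw ruleset built from the rules in
# the reply above, in the /etc/rc.firewall style. Not from the original
# thread. Assumed (not in the thread): outside interface ed0, its address
# in MY_IP (192.0.2.10 is a placeholder), HTTP on 80 and IRC on 194.
#
# Default is a dry run that prints the commands; FWCMD=/sbin/ipfw applies.

MY_IP="${MY_IP:-192.0.2.10}"     # assumed address on the outside interface
OIF="${OIF:-ed0}"                # assumed outside interface
FWCMD="${FWCMD:-echo ipfw}"      # dry run unless overridden

build_ruleset() {
    $FWCMD -f flush

    # Loopback: X and other local clients talk to localhost, so pass
    # everything on lo0 and refuse 127/8 seen anywhere else (spoofed).
    $FWCMD add 100 pass all from any to any via lo0
    $FWCMD add 200 deny log all from any to 127.0.0.0/8
    $FWCMD add 300 deny log all from 127.0.0.0/8 to any

    # Our own address must never arrive from the outside.
    $FWCMD add 400 deny log ip from "$MY_IP" to any in via "$OIF"

    # Stateful outbound: check-state matches replies against the dynamic
    # rules that keep-state creates for connections this host opens.
    $FWCMD add 500 check-state
    $FWCMD add 510 pass tcp from "$MY_IP" to any out via "$OIF" setup keep-state
    $FWCMD add 520 pass udp from "$MY_IP" to any out via "$OIF" keep-state

    # ICMP we want back: echo reply, unreachable, time exceeded.
    $FWCMD add 600 pass icmp from any to "$MY_IP" in via "$OIF" icmptypes 0,3,11
    $FWCMD add 610 pass icmp from "$MY_IP" to any out via "$OIF"

    # Inbound services from the reply: HTTP and IRC. 'setup' limits the
    # rule to connection-opening packets; the rest of each connection is
    # matched by the dynamic rule keep-state creates.
    $FWCMD add 700 pass tcp from any to "$MY_IP" 80 in via "$OIF" setup keep-state
    $FWCMD add 710 pass tcp from any to "$MY_IP" 194 in via "$OIF" setup keep-state

    # Deny by default and log it. ipfw's implicit final rule 65535 is
    # deny or accept depending on the kernel config, so be explicit.
    $FWCMD add 65000 deny log all from any to any
}

# Number of 'add' commands the ruleset emits; lets the ruleset be checked
# on a machine without ipfw.
count_rules() {
    build_ruleset | grep -c ' add '
}

build_ruleset
```

The `deny log` rules only produce log lines if the kernel was built with IPFIREWALL_VERBOSE (and IPFIREWALL_VERBOSE_LIMIT caps how often one rule logs); without it they deny silently. Rule 400 is not in the reply; it is the usual anti-spoofing companion to a stateful outbound rule and is included here as an addition.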