Date:      Tue, 26 Apr 2011 09:52:16 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Antonio Olivares <olivares14031@gmail.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: easy Firewall setup
Message-ID:  <20110426095216.c9f1aa13.freebsd@edvax.de>
In-Reply-To: <BANLkTinJT60CsmGZbcWMpK9T6HVZiYz6CA@mail.gmail.com>
References:  <BANLkTi=Ve56c_QhFnA5c0xoRPf82eZZ=1w@mail.gmail.com> <E47DF11F58AD07F5980F970D@mac-pro.magehandbook.com> <BANLkTinJT60CsmGZbcWMpK9T6HVZiYz6CA@mail.gmail.com>

On Mon, 25 Apr 2011 21:34:41 -0500, Antonio Olivares <olivares14031@gmail.com> wrote:
> Thanks for sharing this.  I have a base FreeBSD 8.2 system on one
> machine and I would like to setup a firewall that allows me to visit
> websites and not allow incoming traffic.  Something easy to set up and
> start like
> /etc/local/rc.d/rc.pf start
> or similar.  A nice example which I can change somethings like name of
> network device, i.e, nv0, or similar device.
> 
> I will try further reading and try to set something up as I am afraid
> to screw things up.

You can easily do this with IPFW (from the base system)

Step 1: Create a file /etc/ipfw.conf which will contain
your firewall rules. Depending on what you need, try out
something like this:

	-f flush
	# loopback first; outbound traffic is stateful, so replies get back in
	add allow ip  from any to any via lo0
	add check-state
	add allow ip  from any to any out xmit xl0 keep-state
	add allow tcp from any to any ftp in recv xl0 setup keep-state
	add allow tcp from any to any ssh in recv xl0 setup keep-state
	add deny  ip  from any to any

Of course you'll have to replace xl0 with the correct
device name; "ifconfig -a" will surely tell you.

Please see that this is just an excerpt of an example.
In this case, FTP and SSH should be allowed for incoming,
everything else will be denied. If you do not want to use
FTP - nobody seriously wants that :-) - do not enable it.
The reference for SSH also goes to the default port, maybe
you want to choose a different one.

Step 2: Edit /etc/rc.conf to contain the following lines:

	firewall_enable="YES"
	firewall_type="/etc/ipfw.conf"

Step 3: Start (or restart) the firewall: 

	# /etc/rc.d/ipfw start

See the information contained in "man ipfw"; it's "strong
tobacco", but it provides very good knowledge about how to
properly configure the firewall, containing examples that
you can use to form your own rules, like "allow anything
from inside to outside, but deny any requests coming from
outside".




-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
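An added example, not part of the thread above and not the poster's own script: it builds the three-step setup from the reply as shell functions, so the interface name and the inbound services become parameters instead of something to edit by hand. The interface "xl0", the function names and the rule numbers are assumptions. It also contains a small check for the one mistake that bites IPFW beginners most: IPFW is first-match, so an unqualified "allow ip from any to any" near the top makes every rule after it dead, and a final deny then denies nothing. The last function is a guard for applying the rules over SSH. The ipfw kernel module comes up with a deny-everything default rule, so a rule file that fails to load leaves a remote box unreachable; the guard reopens the firewall after a delay unless you kill it once a fresh login has been confirmed.

```shell
#!/bin/sh
# Added example (not the poster's own script). Names are assumptions.

# Print a default-deny ruleset: loopback open, stateful outbound, the given
# inbound TCP services, deny the rest. Explicit rule numbers leave gaps for
# later "ipfw add N ..." insertions.
ipfw_ruleset() {
    iface="$1"; shift
    echo "-f flush"
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 check-state"
    echo "add 300 allow ip from any to any out xmit $iface keep-state"
    n=400
    for svc in "$@"; do
        echo "add $n allow tcp from any to any $svc in recv $iface setup keep-state"
        n=$((n + 10))
    done
    echo "add 65000 deny ip from any to any"
}

# The two /etc/rc.conf lines from Step 2 (append them by hand; sysrc does
# not exist on FreeBSD 8.2).
rc_conf_lines() {
    echo 'firewall_enable="YES"'
    echo 'firewall_type="/etc/ipfw.conf"'
}

# Read a ruleset on stdin. Exit 1 if an unqualified "allow ip from any to
# any" (no in/out/via/recv/xmit) appears anywhere, which would shadow every
# later rule, or if the last rule is not a deny.
ruleset_sanity() {
    awk '
        /^add( [0-9]+)? +allow +ip +from +any +to +any[ \t]*$/ { shadow = 1 }
        /deny/ { last = "deny"; next }
        /^add/ { last = "other" }
        END { if (shadow || last != "deny") exit 1; exit 0 }
    '
}

# Constructed sample of the shadowing mistake: rule one allows everything,
# so the deny at the end is never reached.
BAD_RULESET='-f flush
add allow ip  from any to any
add allow tcp from any to any ssh in recv xl0
add deny  ip  from any to any'

# Step 3 with a lockout guard for use over SSH. ipfw.ko loads with a
# deny-all default rule, so if FILE fails to load you lose remote access.
# The background job reopens the firewall after DELAY seconds; kill it once
# a new ssh login has been verified to work.
apply_with_guard() {
    file="$1"; delay="${2:-120}"
    ( sleep "$delay" && ipfw -q -f flush && ipfw -q add allow ip from any to any ) &
    echo "guard running as pid $!; kill it after confirming a fresh ssh login"
    ipfw -q "$file"
}

# Stand-alone use: preview the rules for xl0 with only ssh open, then check.
ipfw_ruleset xl0 ssh
ipfw_ruleset xl0 ssh | ruleset_sanity && echo "ruleset OK"
```

To install: "ipfw_ruleset xl0 ssh > /etc/ipfw.conf", append the output of "rc_conf_lines" to /etc/rc.conf, then, if you are at the console, "/etc/rc.d/ipfw start"; if you are on SSH, "apply_with_guard /etc/ipfw.conf 120" and kill the guard only after a second SSH session gets in. Leave FTP out unless you really run an FTP server; active-mode FTP data connections need more than one inbound rule anyway.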



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110426095216.c9f1aa13.freebsd>