Date:      Thu, 4 Dec 2008 16:26:04 -0800 (PST)
From:      G magicman <gwg7webbcom@yahoo.com>
To:        Freebsd Questions <freebsd-questions@freebsd.org>
Subject:   IPFW Firewall Question
Message-ID:  <916515.67967.qm@web52202.mail.re2.yahoo.com>

1. I need help to reconfigure my firewall on the server using BSD's ipfw.

Here is part of the configuration file so far that the co-lo people put in.

2. Short of a reboot, how do you start, stop and restart the firewall?



#!/usr/local/bin/bash

export IPF="ipfw -q add"

ports="11 21 22 23 25 37 42 43 53 63 69 70 80 101 109 110 115 119 123 143 443 4321 50001"
clearaddresses="209.131.0.0/16 66.65.0.0/16 71.173.96.0/19 71.173.128.0/17 blah blah"
count=60

# Drop the running ruleset. Until the adds below have all run, only the
# kernel's default rule (65535) is in effect.
ipfw -q -f flush

$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
$IPF 50 allow icmp from any to any

# Trusted networks: everything in and out, no port restriction.
for a in $clearaddresses; do
        $IPF $count allow ip from $a to any
        $IPF $(($count+1)) allow ip from any to $a
        count=$(($count+10))
done

# Per-port rules. The two rules that match on the *source* port
# ("from any $p") let any host through as long as it picks $p as its
# source port; only the destination-port rules restrict anything.
for p in $ports; do
        $IPF $count allow ip from any to any $p in
        $IPF $(($count+1)) allow ip from any to any $p out
        $IPF $(($count+2)) allow ip from any $p to any in
        $IPF $(($count+3)) allow ip from any $p to any out
        count=$(($count+10))
done

# Everything else is dropped and logged.
$IPF 5000 deny log all from any to any
echo Firewall created


Here is what I want:

1. I want all ports open to the IP addresses in line 4 ("clearaddresses").
2. I want to be able to control access to port 25 (sendmail), to be able to deny
      whole "A", "B" and "C" addresses.


Why? Because of the following:

1. hosts.access on FreeBSD works on the application layer instead of the
network layer. Therefore hosts.allow/hosts.deny no longer works the way I want, and I
do not feel like running sendmail and sshd out of inetd, which apparently
is the only way to be able to use hosts.allow/deny.

2. Next, OpenSSH does not have an AllowHosts directive like the Finnish one
does; it only has an AllowUsers directive, so I need to protect the system from
DDoS attacks and hacking.
I already tried to block things using the sendmail access file, but all that
did was choke up the server with moronic shit. And I want to be able to
use my sftp program, but it opens random ports which cannot be controlled,
so I need the clearaddresses to be able to see all ports.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?916515.67967.qm>
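The following is an added example, written for this archive page; it is not the poster's script, the co-lo's script, or anything shipped with FreeBSD. It builds the ruleset the message asks for (every port for the "clear" networks, a per-network deny list sitting in front of port 25) and loads it without a reboot. The networks in SMTP_DENY are made-up placeholders, the PORTS list is a cut-down version of the one in the message, and the host's own addresses are matched with ipfw's "me" keyword; all three are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example (not the poster's or the colo's script). Generates an ipfw
# ruleset in the "add ..." syntax ipfw reads from a file, then loads it into
# a disabled rule set and swaps it live, so there is no window with an empty
# table and a bad line never replaces the running rules.
#
# Assumptions (not from the original message): SMTP_DENY is placeholder
# data; PORTS is a shortened service list; "me" = this host's own addresses.

CLEAR="209.131.0.0/16 66.65.0.0/16 71.173.96.0/19 71.173.128.0/17"
SMTP_DENY="10.0.0.0/8 192.168.0.0/16 203.0.113.0/24"   # placeholders: one /8, /16, /24
PORTS="21 22 25 53 80 110 143 443"

# Print the ruleset. $1 is the set number every rule is tagged with; rule
# numbers start at 100 and step by 10, so order in this function is order
# of evaluation (ipfw stops at the first matching rule).
gen_rules() {
    set_no=$1; n=100
    emit() { printf 'add %d set %s %s\n' "$n" "$set_no" "$*"; n=$((n + 10)); }
    emit allow ip from any to any via lo0
    emit deny ip from any to 127.0.0.0/8
    emit deny ip from 127.0.0.0/8 to any
    # Goal 1: the admin networks get every port, in both directions.
    for a in $CLEAR; do
        emit allow ip from "$a" to any
        emit allow ip from any to "$a"
    done
    # Goal 2: refuse SMTP from the listed networks. These sit in front of the
    # general port-25 allow below; putting them after it would never match.
    for a in $SMTP_DENY; do
        emit deny log tcp from "$a" to me 25
    done
    # Inbound service access: only TCP connection setup (SYN) to the listed
    # destination ports. No rule matches on the client's source port, so a
    # remote host cannot get in by choosing a "trusted" source port.
    for p in $PORTS; do
        emit allow tcp from any to me "$p" setup
    done
    emit allow tcp from any to any established        # rest of the allowed connections
    emit allow udp from me to any 53 keep-state       # our DNS lookups; replies via dynamic rule
    emit allow icmp from any to any icmptypes 0,3,8,11 # echo, unreachable, ttl-exceeded
    emit deny log ip from any to any                  # default deny, logged
}

# Load the new rules into disabled set 1, then swap sets 0 and 1 in one
# operation. If ipfw rejects a line, the half-loaded set is discarded and
# the rules that are currently running stay as they are.
apply_rules() {
    tmp=$(mktemp /tmp/ipfw.XXXXXX) || return 1
    gen_rules 1 > "$tmp"
    ipfw -q set disable 1
    ipfw -q delete set 1 2>/dev/null || :             # clear leftovers from a previous attempt
    if ipfw -q "$tmp"; then
        ipfw -q set swap 0 1                          # new rules are now set 0 (enabled)
        ipfw -q delete set 1                          # old rules, now in set 1, go away
        rm -f "$tmp"
    else
        ipfw -q delete set 1 2>/dev/null || :
        rm -f "$tmp"
        return 1
    fi
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules 0 ;;                             # dry run: print what would be loaded
esac
```

Run it with no argument to review the rules it would install; run it with `apply` to load them. To have it come up at boot and to get start/stop/restart without rebooting, point rc.conf at it (`firewall_enable="YES"`, `firewall_script="/usr/local/etc/fw.sh"`) and use `/etc/rc.d/ipfw start|stop|restart`; the script is simply re-executed on restart. Two caveats for a box you administer over the network: the set swap above keeps the old rules in force until the new set has loaded completely, which the flush-then-add pattern in the message does not; and `/etc/rc.d/ipfw stop` leaves only the kernel default rule, which on a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT is deny, so "stop" can lock you out just as effectively as a broken script.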