Date: Fri, 29 Dec 2017 04:20:17 -0800
From: David Wolfskill <david@catwhisker.org>
To: 方坤 <quinefang@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw rules for modern FreeBSD?
Message-ID: <20171229122017.GO1555@albert.catwhisker.org>
In-Reply-To: <CADf1OUcriyXuG1t-iSY291X%2BpHFPC_1ee69WmxTKTWCLQv0XxQ@mail.gmail.com>
References: <CADf1OUcriyXuG1t-iSY291X%2BpHFPC_1ee69WmxTKTWCLQv0XxQ@mail.gmail.com>

On Fri, Dec 29, 2017 at 05:21:34PM +0800, 方坤 wrote:
> Dear ipfw maintainer,
>
> I read the following from
> https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end
> ....
> And, my firewall_script is as follows:
>
> #!/bin/sh
>
> fwcmd="/sbin/ipfw -q"
>
> ${fwcmd} -f flush
>
> ${fwcmd} add allow proto tcp src-ip me setup keep-state :default
>
> ${fwcmd} add allow proto udp src-ip me keep-state :default
>
> And, I found these rules are not protecting my FreeBSD box.
>
> Question: How can I write ipfw rules for modern FreeBSD only?
> .....

First, you need to determine what "protecting my FreeBSD box" means for your situation. Please note that whatever you determine at first, the result is likely to evolve over time.

You will almost certainly benefit from a study of /etc/rc.firewall -- possibly to help you understand what kinds of "protection" ipfw can provide (and how to implement them) -- but also to help you clarify your own "protection" requirements.

Peace,
david
-- 
David H. Wolfskill david@catwhisker.org
If Trump is "taking names" re: the UN Jerusalem vote, he can add mine.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.