Date: Tue, 18 Jan 2000 11:44:19 -0600 (CST)
From: James Wyatt
To: "Rodney W. Grimes"
Cc: Omachonu Ogali, Brian Gallucci, isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: New Firewall

Oops, good call! Make sure you add the 'add pass tcp from any to any
established' rule so you can get past the setup. Hey, aren't we just
building the /etc/rc.firewall file again? (^_^) ipfw rules!

- Jy@

On Tue, 18 Jan 2000, Rodney W. Grimes wrote:

> > The following rules can help if you are going to be running SMTP, HTTP,
> > POP3, and HTTPS, delete what you don't need.
>
> Allowing anything other than ``setup'' packets on these rules is a mistake...
>
> > # -- Pass through for already established connections
> > ipfw add allow tcp from any to any established
> >
> > # -- SMTP
> > ipfw add allow tcp from any to x.x.x.x 25
>                                             ^setup
> > [ ... ]
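
The effect of the ^setup correction quoted above, as an added example that is not part of the original thread: a small Python model of ipfw's `established` (RST or ACK set) and `setup` (SYN set, ACK clear) keywords, evaluated first-match over constructed packets. The address 192.0.2.25 stands in for x.x.x.x, and a default-deny final rule is assumed.

```python
# Added illustration, not from the thread: models the ipfw TCP-flag keywords
# `established` (RST or ACK set) and `setup` (SYN set, ACK clear).
# The address and the packets below are constructed sample data.
SYN, ACK, RST, FIN = "S", "A", "R", "F"
MAIL = "192.0.2.25"  # placeholder standing in for x.x.x.x

# Each rule: (dst address or None for any, dst port or None, flag keyword or None)
ESTABLISHED = (None, None, "established")
AS_POSTED = [ESTABLISHED, (MAIL, 25, None)]      # port rule without `setup`
CORRECTED = [ESTABLISHED, (MAIL, 25, "setup")]   # port rule with `setup`

def flags_match(keyword, flags):
    if keyword == "established":
        return ACK in flags or RST in flags
    if keyword == "setup":
        return SYN in flags and ACK not in flags
    return True  # no keyword: any flag combination matches

def verdict(rules, dst, port, flags):
    """First matching allow rule wins; anything unmatched is denied
    (assumption: the ruleset ends in a default deny)."""
    for r_dst, r_port, keyword in rules:
        if r_dst not in (None, dst) or r_port not in (None, port):
            continue
        if flags_match(keyword, flags):
            return "allow"
    return "deny"

PACKETS = {
    "new connection (SYN)": {SYN},
    "handshake reply (SYN+ACK)": {SYN, ACK},
    "mid-stream data (ACK)": {ACK},
    "bare FIN, no connection": {FIN},
    "no flags at all": set(),
}

def compare(dst=MAIL, port=25):
    """Map packet name -> (verdict as posted, verdict with `setup`)."""
    return {name: (verdict(AS_POSTED, dst, port, f), verdict(CORRECTED, dst, port, f))
            for name, f in PACKETS.items()}

if __name__ == "__main__":
    for name, (posted, fixed) in compare().items():
        print(f"{name:28} as posted: {posted:5}  with setup: {fixed}")
```

Legitimate traffic gets the same verdict under both rulesets; only the packets that neither open a connection nor belong to one are affected, and the `setup` form denies them.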