From: "Rodney W. Grimes"
Message-Id: <200001181801.KAA48678@gndrsh.dnsmgr.net>
Subject: Re: New Firewall
In-Reply-To: from James Wyatt at "Jan 18, 2000 11:44:19 am"
To: jwyatt@rwsystems.net (James Wyatt)
Date: Tue, 18 Jan 2000 10:01:42 -0800 (PST)
Cc: oogali@intranova.net (Omachonu Ogali), briang@expnet.net (Brian Gallucci), isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG

> Oops, good call! Make sure you add the 'add pass tcp from any to any
> established' rule so you can get past the setup. Hey, aren't we just
> building the /etc/rc.firewall file again? (^_^) ipfw rules! - Jy@

The established rule is already there, stop speed reading.. ipfw is
not a place to do things fast and hasty, but slow and careful.

>
> On Tue, 18 Jan 2000, Rodney W. Grimes wrote:
> > > The following rules can help if you are going to be running SMTP, HTTP,
> > > POP3, and HTTPS, delete what you don't need.
> >
> > Allowing anything other than ``setup'' packets on these rules is a mistake...
> >
> > > # -- Pass through for already established connections
> > > ipfw add allow tcp from any to any established
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > > # -- SMTP
> > > ipfw add allow tcp from any to x.x.x.x 25
> >                                           ^setup
> >
> > [ ... ]
> >

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net