Date: Sun, 15 Dec 2002 22:20:23 -0800
From: Gary D Kline
To: FreeBSD Mailing List
Subject: To ipfw wizards: does this look valid?
Message-ID: <20021216062023.GA20796@tao.thought.org>

Appended is my first cut at translation from ipf to ipfw. Would the lines prepended with [IPFW] do what the [IPF] lines do?

thanks for any insights,

gary

--
Gary Kline kline@thought.org www.thought.org Public service Unix

[IPF] pass out quick on dc0 proto tcp from any to any keep state
[IPF] pass out quick on dc0 proto udp from any to any keep state
[IPF] pass out quick on dc0 proto icmp from any to any keep state

[IPFW] add 100 allow tcp from any to any in via dc0
[IPFW] add 200 allow udp from any to any in via dc0
[IPFW] 300 allow icmp from any to any out icmptypes 8
[IPFW] 400 allow icmp from any to any in icmptypes 0
[IPFW] 500 deny icmp from any to any in icmptypes 8

# Let in SSH on port 22
[IPF] pass in quick on dc0 proto tcp from any to 216.231.43.140/32 port = 22
[IPF] pass in quick on dc0 proto udp from any to 216.231.43.140/32 port = 22

# Allow in SSH on port 22
[IPFW] add 1100 allow tcp from any to 216.231.43.140 22 in via dc0
[IPFW] add 1200 allow udp from any to 216.231.43.140 22 in via dc0
[

# Let in FTP data connections
[IPF] pass in quick on dc0 proto tcp from any to any port 7499 >< 8501
[IPF] pass in quick on dc0 proto tcp from any to any port = 21

# Allow FTP data connections
[IPFW] add 1300 allow tcp from any to 216.231.43.140 21 7499-8501 in via dc0
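
For comparison, a line-by-line ipfw rendering of the [IPF] rules in the message above, added here as an example and not part of the original post. The `FWCMD` variable, the `load_rules` function name and the rule numbers are assumptions of this example; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post.
# Dry run by default: prints each ipfw command instead of executing it.
# To load the rules for real, run as root with FWCMD=/sbin/ipfw.
fwcmd="${FWCMD:-echo ipfw}"   # FWCMD is this example's own knob (assumption)
oif="dc0"                     # outside interface, taken from the post
me="216.231.43.140"           # host address, taken from the post

load_rules() {
    # ipf "keep state" maps to ipfw dynamic rules: keep-state creates a state
    # entry when a packet matches, and check-state tests later packets
    # (including the replies coming back in) against those entries.
    $fwcmd add 50 check-state

    # [IPF] pass out quick on dc0 proto tcp|udp|icmp from any to any keep state
    # The direction stays "out"; "quick" needs no keyword because ipfw always
    # stops at the first matching rule.
    $fwcmd add 100 allow tcp  from any to any out via "$oif" keep-state
    $fwcmd add 200 allow udp  from any to any out via "$oif" keep-state
    $fwcmd add 300 allow icmp from any to any out via "$oif" keep-state

    # [IPF] pass in quick on dc0 proto tcp|udp from any to 216.231.43.140/32 port = 22
    # The udp rule mirrors the ipf line; SSH itself only uses TCP.
    $fwcmd add 1100 allow tcp from any to "$me" 22 in via "$oif"
    $fwcmd add 1200 allow udp from any to "$me" 22 in via "$oif"

    # [IPF] ... to any port 7499 >< 8501   and   ... to any port = 21
    # ipf's "><" is an exclusive range, so it covers 7500 through 8500.
    # ipfw takes one comma-separated port list; ranges in it are inclusive.
    # The destination stays "any", as in the ipf lines.
    $fwcmd add 1300 allow tcp from any to any 21,7500-8500 in via "$oif"
}

load_rules
```

Traffic that matches none of these rules falls through to ipfw's default rule 65535, whose action (deny or allow) is set by the kernel configuration.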