Date:      Sat, 19 Sep 1998 22:18:15 -0500
From:      Kim Shrier <kim@tinker.com>
To:        Paul Dlug <voxelman@hotmail.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Please i am desperate for help with ipfw
Message-ID:  <360473F7.EAFA1E2@tinker.com>
References:  <19980919191633.20317.qmail@hotmail.com>

Paul Dlug wrote:
> 
> Ok, I am desperately in need of some assistance. I'm trying to block out
> all ports on a system and just enable telnet from two IP #'s that I set.
> I also need to be able to have port 80 open so people can access the web
> server... that's its purpose... Can someone please e-mail me back with some
> help? I have worked with ipfw a lot but I can't figure this out or what
> I'm doing wrong. I'm going insane... save me :)
> 
> --Paul
> voxelman@hotmail.com

Try something like the following:

############# beginning of firewall rules #######################
rule="/sbin/ipfw -q add"

TELNET="23"
HTTP="80,443"

HIGH="1024-65535"

# address of me
me="www.xxx.yyy.zzz"		# replace with real IP address

# machines with telnet access to me
machine1="aaa.bbb.ccc.ddd"	# replace with real IP address
machine2="eee.fff.ggg.hhh"	# replace with real IP address

############    WWW Rules, see C&Z p.253

# Allow www (and SSL) from outside to public Web server
        $rule pass tcp from any $HIGH  to $me $HTTP in	# $me, not the undefined $in
        $rule pass tcp from $me $HTTP  to any $HIGH out established

############    Telnet Rules, see C&Z p.239-40

# Allow inbound telnet from the approved machines to me

        $rule pass tcp from $machine1   to $me $TELNET in
        $rule pass tcp from $me $TELNET to $machine1   out established

        $rule pass tcp from $machine2   to $me $TELNET in
        $rule pass tcp from $me $TELNET to $machine2   out established

#################### end of firewall rules ######################



I also always put rules in to block RFC 1918 packets, as well as blocking
packets from the outside that have my IP address as a source IP address.


Hope this helps,
Kim Shrier
kim@tinker.com
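To see how the rule set above behaves, here is a small first-match simulator of it, including the two anti-spoofing rules Kim mentions (RFC 1918 sources and outside packets carrying the server's own address). This is an added example, not code from the mail; the addresses are constructed documentation-range samples standing in for $me, $machine1 and $machine2.

```python
"""First-match simulation of the ipfw rule set in the reply above.

Rules are checked in order and the first match wins; anything that
matches no rule falls through to ipfw's implicit final deny rule.
All addresses are constructed samples, not real hosts.
"""
from ipaddress import ip_address, ip_network

ME = ip_address("203.0.113.10")                      # stands in for $me
APPROVED = {ip_address("198.51.100.5"),               # $machine1
            ip_address("192.0.2.77")}                 # $machine2
RFC1918 = [ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HIGH = range(1024, 65536)                             # $HIGH
HTTP = {80, 443}                                      # $HTTP
TELNET = 23                                           # $TELNET


def decide(src, sport, dst, dport, direction, established=False):
    """Return 'pass' or 'deny' for one TCP packet under the rule set."""
    src, dst = ip_address(src), ip_address(dst)
    # Anti-spoofing rules placed first: private source addresses, and
    # inbound packets that claim our own address as their source.
    if direction == "in" and any(src in net for net in RFC1918):
        return "deny"
    if direction == "in" and src == ME:
        return "deny"
    # WWW rules: anyone may connect to 80/443 from a high port; replies
    # leave only as part of an established connection.
    if direction == "in" and dst == ME and dport in HTTP and sport in HIGH:
        return "pass"
    if (direction == "out" and src == ME and sport in HTTP
            and dport in HIGH and established):
        return "pass"
    # Telnet rules: only the two approved machines, plus their replies.
    if direction == "in" and dst == ME and dport == TELNET and src in APPROVED:
        return "pass"
    if (direction == "out" and src == ME and sport == TELNET
            and dst in APPROVED and established):
        return "pass"
    return "deny"  # nothing matched: implicit default deny


if __name__ == "__main__":
    print(decide("198.51.100.99", 40000, "203.0.113.10", 80, "in"))   # pass
    print(decide("198.51.100.99", 40000, "203.0.113.10", 23, "in"))   # deny
    print(decide("10.1.2.3", 40000, "203.0.113.10", 80, "in"))        # deny
```

Telnet from a host outside the approved pair is denied by the fall-through rule, not by any explicit line, which is why a default-deny kernel (or a trailing deny rule) matters for this set.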

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
