Date:      Fri, 28 Dec 2001 22:27:03 -0500
From:      "Doug Reynolds" <mav@wastegate.net>
To:        "freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   ipfw rules
Message-ID:  <20011229032535.CAD99482AB@wastegate.net>

can someone pick this apart and see if it is ok??

i want to run:

httpd
sshd
ftpd
smtp
telnet
& pop3

i picked this up off google someplace and changed it a bit


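# Define the firewall command (as in /etc/rc.firewall) for easy
# reference.  Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface (natd must be running
# for this rule to do anything useful).
$fwcmd add divert natd all from any to any via tun0

# Allow all traffic on the loopback interface and on the LAN-side network
# card.  The card here is xl0 -- change it to match your own hardware
# (the example this was taken from used fxp0) before you reboot.  :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via xl0

# Allow all TCP connections that this host initiates over the tunnel.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to open TCP connections to the
# following services on this machine.  Every service listed here speaks
# TCP, and "setup" is a TCP-flag match (initial SYN only), so UDP rules
# carrying "setup" have no meaning -- the UDP variants that used to sit
# next to these lines are deliberately not added.
$fwcmd add allow tcp from any to any 80 setup           # httpd
$fwcmd add allow tcp from any to any 22 setup           # ssh
# ftp control and ftp-data.  NOTE(review): active-mode data connections
# are opened by this host (already covered by the "out xmit tun0 setup"
# rule above), and passive mode uses high ports this ruleset does not
# open, so confirm the inbound port-20 rule is actually needed.
$fwcmd add allow tcp from any to any 21 setup           # ftp
$fwcmd add allow tcp from any to any 20 setup           # ftp-data
$fwcmd add allow tcp from any to any 25 setup           # smtp
$fwcmd add allow tcp from any to any 465 setup          # ssl smtp
$fwcmd add allow tcp from any to any 110 setup          # pop3
# telnet, ftp and pop3 all carry passwords in cleartext; ssh (above)
# covers the remote-login need if telnet can be dropped later.
$fwcmd add allow tcp from any to any 23 setup           # telnet

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries.  As written this accepts any server on
# port 53; if you use fixed resolvers, replace "any" with their
# addresses so only those hosts are reachable.
$fwcmd add allow udp from any to any 53 out xmit tun0

# Allow the answers back in.  NOTE(review): this matches on source port
# 53 alone, so it admits a UDP packet to any local port as long as it
# was sent from port 53 -- another reason to restrict both rules to
# the resolvers you actually use.
$fwcmd add allow udp from any 53 to any in recv tun0

# Allow ICMP (for ping and traceroute to work).  You may wish to
# disallow this, but I feel it suits my needs to keep them in.
# Given its own rule number so it no longer shares 65435 with the deny.
$fwcmd add 65434 allow icmp from any to any

# Deny all the rest.
$fwcmd add 65435 deny log ip from any to any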

---
doug reynolds | the maverick | mav@wastegate.net

PGP Public Key Fingerprint: 6E7B 9993 B503 6D45  E33A 2019 26E5 C1DB



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



