Date: Tue, 8 Jan 2013 16:44:55 +0200
From: Sami Halabi <sodynet1@gmail.com>
To: freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net@freebsd.org
Subject: firewall rules for core router
Message-ID: <CAEW%2BogaCS9XuLOM9ZonnMkR-JyJckicY=xKX1y8drFKHn3UTbA@mail.gmail.com>
Any one?

On 7 Jan 2013 18:09, "Sami Halabi" <sodynet1@gmail.com> wrote:
> Hi,
> I have a core router that I want to enable a firewall on.
> Are these enough for a start:
>
> ipfw add 100 allow all from any to any via lo0
> ipfw add 25000 allow all from me to any
> ipfw add 25100 allow ip from "table(7)" to me dst-port 179
> #ipfw add 25150 allow ip from "table(7)" to me
> ipfw add 25200 allow ip from "table(8)" to me dst-port 161
> #ipfw add 25250 allow ip from "table(8)" to me
> ipfw add 25300 allow all from any to me dst-port 22
> ipfw add 25400 allow icmp from any to any
> ipfw add 25500 deny all from any to me
> ipfw add 230000 allow all from any to any
>
> where table 7 is my BGP peers and table 8 my NMS.
>
> Do I need to open anything more? Any routing protocol/forwarding plane
> issues?
>
>
> Another thing:
> I plan to add the following rule
> ipfw add 26000 fwd w.x.y.z all from a.b.c.0/24 to any
>
> Will this work? Does my peer (ISP, with Cisco/Juniper equipment) need to
> do anything else?
> Thanks in advance,
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
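A small model of ipfw's first-match evaluation over the quoted ruleset, added here as an illustration and not part of the original thread: the addresses for `me`, the two tables and the prefix standing in for a.b.c.0/24 are constructed placeholders, and the model keeps only the fields the rules test (no connection state, no source port).

```python
import ipaddress

# Constructed placeholders: the router's own addresses ("me"), the two
# lookup tables and the prefix standing in for a.b.c.0/24 in the question.
ME = {"192.0.2.1"}
TABLE = {7: {"192.0.2.2"},          # BGP peers
         8: {"198.51.100.10"}}      # NMS host
FWD_SRC = ipaddress.ip_network("203.0.113.0/24")

def packet(src, dst, proto="tcp", dport=0, iface="em0"):
    """Only the fields the quoted rules actually test (no state, no src port)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "iface": iface}

# (rule number, action, predicate) in ipfw order. "all"/"ip" match any
# protocol; dst-port on an "ip" rule matches TCP/UDP carrying that port.
RULES = [
    (100,    "allow", lambda p: p["iface"] == "lo0"),
    (25000,  "allow", lambda p: p["src"] in ME),
    (25100,  "allow", lambda p: p["src"] in TABLE[7] and p["dst"] in ME
                                and p["dport"] == 179),
    (25200,  "allow", lambda p: p["src"] in TABLE[8] and p["dst"] in ME
                                and p["dport"] == 161),
    (25300,  "allow", lambda p: p["dst"] in ME and p["dport"] == 22),
    (25400,  "allow", lambda p: p["proto"] == "icmp"),
    (25500,  "deny",  lambda p: p["dst"] in ME),
    (26000,  "fwd",   lambda p: ipaddress.ip_address(p["src"]) in FWD_SRC),
    (230000, "allow", lambda p: True),
]

def evaluate(pkt):
    """First matching rule wins, as in ipfw; (None, 'deny') is the default."""
    for number, action, matches in RULES:
        if matches(pkt):
            return number, action
    return None, "deny"

if __name__ == "__main__":
    cases = {
        "BGP from peer":           packet("192.0.2.2", "192.0.2.1", dport=179),
        "BGP from non-peer":       packet("203.0.113.5", "192.0.2.1", dport=179),
        "BGP reply from peer":     packet("192.0.2.2", "192.0.2.1", dport=50123),
        "ICMP to router":          packet("203.0.113.5", "192.0.2.1", proto="icmp"),
        "transit from a.b.c.0/24": packet("203.0.113.5", "198.51.100.77", dport=443),
        "other transit":           packet("198.51.100.77", "203.0.113.5", dport=443),
    }
    for name, pkt in cases.items():
        print(f"{name:26} -> rule {evaluate(pkt)}")
```

The "BGP reply from peer" case (source port 179, ephemeral destination port, to the router) reaches rule 25500 because none of the earlier stateless allow rules match replies to a session the router itself opened; only ICMP and port 22/179/161 as destination ports get through before the deny.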