Date: Thu, 4 Nov 1999 10:44:39 -0700
From: "Curtis Schofield" <schofiel@home.com>
To: <freebsd-security@FreeBSD.ORG>
Subject: FW: rc.firewall
Message-ID: <NDBBLOPPCLHEGEGAGOANOEFOCAAA.schofiel@home.com>
Hello, I was checking out my firewall, and it seems that it doesn't actually do anything =). I've been trying to get it to block FTP lately, for example, but when I ftp in from a remote host it isn't blocked. Could someone help me?

This is my situation: I am running dhclient and as such I don't have a static IP that I could put into the rc.firewall. I was told that it would be OK to generalize the whole thing (i.e. any to any), but it doesn't appear to be working.

#!/bin/sh
fwcmd="/sbin/ipfw -N"
$fwcmd -f flush
$fwcmd add 100 divert natd all from any to any via xl0
$fwcmd add 110 pass all from any to any
$fwcmd add 120 pass all from any to any via lo0
$fwcmd add 130 pass tcp from any to any established
$fwcmd add 144 pass all from 10.0.0.0/3 to any
#accept
$fwcmd add 200 pass tcp from any to any 25 # sendmail
#$fwcmd add 310 pass tcp from any to any 20-21 # ftp
$fwcmd add 320 pass tcp from any to any 22 # ssh
$fwcmd add 315 pass udp from any 53 to any # dns (don't log)
##$fwcmd add 318 pass udp from any 9000 to any # Asherons Call
$fwcmd add 350 pass tcp from any to any 80 # werld wide weeb
$fwcmd add 320 pass tcp from any to any 110 # pop3
#deny
$fwcmd add 10000 deny log tcp from any to any 20-21 # block FTP
$fwcmd add 10001 deny log udp from any to any 20-21 # block FTP
$fwcmd add 10160 deny log icmp from any to any #icmp
$fwcmd add 10160 deny log udp from any to any #udp
$fwcmd add 10155 deny log tcp from any to any 2049 #nfs (tcp)
$fwcmd add 10155 deny log tcp from any to any 0-1024 #services
$fwcmd add 10155 deny log tcp from any to any 12300-12350 #netbus
$fwcmd add 10150 deny log tcp from any to any 23 # use ssh not telnet
#accept remaining
#$fwcmd add 6500 pass all from any to any

I have commented some stuff out, as I was monkeying with it. I also have IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT and IPFIREWALL_FORWARD in the kernel.

Please, someone help? Why doesn't this appear to work? (The only thing I could do to stop FTP was comment it out in /etc/services.)

I'm new to ipfw, and wouldn't mind if someone could help and/or point me to resources that would help with this problem.

Thanks!
Curtis

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBLOPPCLHEGEGAGOANOEFOCAAA.schofiel>
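An added illustration, not part of Curtis's message and not FreeBSD's own rc.firewall: a small Python model of how ipfw walks a rule list. ipfw evaluates rules in ascending rule-number order and the first matching `pass` or `deny` decides the packet; a `divert` hands the packet to natd and evaluation resumes at the next rule. The model below only implements the match keywords the posted script uses, is loaded with a transcription of the script's active (uncommented) lines, and is run against a constructed inbound FTP connection attempt. It shows that rule 110 (`pass all from any to any`) matches every packet long before the deny rules at 10000 and above are reached, which is why FTP was never blocked, and that dropping rule 110 lets rule 10000 fire. The IP addresses are made-up sample values; the 10.0.0.0/3 mask is taken verbatim from the post (it covers 0.0.0.0 through 31.255.255.255, which the last check demonstrates).

```python
"""Toy first-match evaluator for an ipfw(8) rule list (added example, not the post's code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    num: int
    action: str                              # "pass", "deny" or "divert"
    proto: str                               # "all", "tcp", "udp" or "icmp"
    src: str = "any"                         # "any" or a CIDR prefix
    sport: Optional[Tuple[int, int]] = None  # inclusive source-port range, None = any
    dport: Optional[Tuple[int, int]] = None  # inclusive destination-port range, None = any
    via: Optional[str] = None                # interface name, None = any interface
    established: bool = False                # TCP 'established' keyword
    log: bool = False


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    iface: str = "xl0"
    established: bool = False                # True for a TCP segment that is not the opening SYN


def _in_range(port: int, rng: Optional[Tuple[int, int]]) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def matches(rule: Rule, pkt: Packet) -> bool:
    """Mirror the subset of ipfw match semantics used in the posted ruleset."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.src != "any":
        net = ipaddress.ip_network(rule.src, strict=False)   # ipfw masks the address the same way
        if ipaddress.ip_address(pkt.src) not in net:
            return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.established and not pkt.established:
        return False
    return _in_range(pkt.sport, rule.sport) and _in_range(pkt.dport, rule.dport)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """Return (rule number, action) of the first terminal rule that matches the packet."""
    for rule in sorted(rules, key=lambda r: r.num):   # stable sort: equal numbers keep insertion order
        if not matches(rule, pkt):
            continue
        if rule.action == "divert":
            continue   # natd reinjects the packet and the walk resumes at the next rule
        return rule.num, rule.action
    return 65535, "deny"   # kernel default rule when IPFIREWALL_DEFAULT_TO_ACCEPT is not set


def catch_all_pass_rules(rules: List[Rule]) -> List[int]:
    """Lint: numbers of unconditional 'pass all from any to any' rules ahead of the first deny."""
    first_deny = min((r.num for r in rules if r.action == "deny"), default=65535)
    return [r.num for r in rules
            if r.action == "pass" and r.proto == "all" and r.src == "any"
            and r.sport is None and r.dport is None and r.via is None
            and not r.established and r.num < first_deny]


# Transcription of the active lines of the posted rc.firewall.
POSTED_RULES = [
    Rule(100, "divert", "all", via="xl0"),
    Rule(110, "pass", "all"),
    Rule(120, "pass", "all", via="lo0"),
    Rule(130, "pass", "tcp", established=True),
    Rule(144, "pass", "all", src="10.0.0.0/3"),
    Rule(200, "pass", "tcp", dport=(25, 25)),
    Rule(320, "pass", "tcp", dport=(22, 22)),
    Rule(315, "pass", "udp", sport=(53, 53)),
    Rule(350, "pass", "tcp", dport=(80, 80)),
    Rule(320, "pass", "tcp", dport=(110, 110)),
    Rule(10000, "deny", "tcp", dport=(20, 21), log=True),
    Rule(10001, "deny", "udp", dport=(20, 21), log=True),
    Rule(10160, "deny", "icmp", log=True),
    Rule(10160, "deny", "udp", log=True),
    Rule(10155, "deny", "tcp", dport=(2049, 2049), log=True),
    Rule(10155, "deny", "tcp", dport=(0, 1024), log=True),
    Rule(10155, "deny", "tcp", dport=(12300, 12350), log=True),
    Rule(10150, "deny", "tcp", dport=(23, 23), log=True),
]

# Constructed sample packets: an opening SYN to the FTP control port arriving on xl0.
FTP_SYN = Packet("tcp", "198.51.100.7", "203.0.113.5", sport=40000, dport=21, iface="xl0")
FTP_SYN_LOW_NET = Packet("tcp", "24.0.0.1", "203.0.113.5", sport=40000, dport=21, iface="xl0")


def verdict_posted() -> Tuple[int, str]:
    return evaluate(POSTED_RULES, FTP_SYN)                              # (110, "pass")


def verdict_without_catch_all() -> Tuple[int, str]:
    return evaluate([r for r in POSTED_RULES if r.num != 110], FTP_SYN)  # (10000, "deny")


def verdict_from_low_net() -> Tuple[int, str]:
    # Even without rule 110, a source inside 0.0.0.0/3 is passed by rule 144 as written.
    return evaluate([r for r in POSTED_RULES if r.num != 110], FTP_SYN_LOW_NET)  # (144, "pass")


if __name__ == "__main__":
    print("posted ruleset         :", verdict_posted())
    print("rule 110 removed       :", verdict_without_catch_all())
    print("catch-all pass rules   :", catch_all_pass_rules(POSTED_RULES))
    print("src 24.0.0.1, no 110   :", verdict_from_low_net())
```

The lint in `catch_all_pass_rules` is the check worth running on any hand-written ruleset: an unconditional pass that numbers lower than every deny makes the deny rules unreachable, and `ipfw show` will confirm it by reporting packet counters only on the early rule. The last check is a reminder that the mask on rule 144 should be reviewed as well, since `/3` admits far more than the private 10.0.0.0 network.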