From owner-freebsd-security Thu Nov 4 9:41:33 1999
From: "Curtis Schofield"
Subject: FW: rc.firewall
Date: Thu, 4 Nov 1999 10:44:39 -0700

hello,

i was checking out my firewall, and it seems that it doesn't actually do anything =), i've been trying to get it to block FTP lately for example, but when i ftp in from a remote host it isn't blocked.. Could someone help me?

This is my situation: I am running DHCPclient and as such i don't have a static ip that i could put into the rc.firewall, i was told that it would be OK to generalize the whole thing (ie any to any) but it doesn't appear to be working..
#!/bin/sh

fwcmd="/sbin/ipfw -N"

$fwcmd -f flush
$fwcmd add 100 divert natd all from any to any via xl0
$fwcmd add 110 pass all from any to any
$fwcmd add 120 pass all from any to any via lo0
$fwcmd add 130 pass tcp from any to any established
$fwcmd add 144 pass all from 10.0.0.0/3 to any

#accept
$fwcmd add 200 pass tcp from any to any 25        # sendmail
#$fwcmd add 310 pass tcp from any to any 20-21    # ftp
$fwcmd add 320 pass tcp from any to any 22        # ssh
$fwcmd add 315 pass udp from any 53 to any        # dns (don't log)
##$fwcmd add 318 pass udp from any 9000 to any    # Asherons Call
$fwcmd add 350 pass tcp from any to any 80        # werld wide weeb
$fwcmd add 320 pass tcp from any to any 110       # pop3

#deny
$fwcmd add 10000 deny log tcp from any to any 20-21        # block FTP
$fwcmd add 10001 deny log udp from any to any 20-21        # block FTP
$fwcmd add 10160 deny log icmp from any to any             #icmp
$fwcmd add 10160 deny log udp from any to any              #udp
$fwcmd add 10155 deny log tcp from any to any 2049         #nfs (tcp)
$fwcmd add 10155 deny log tcp from any to any 0-1024       #services
$fwcmd add 10155 deny log tcp from any to any 12300-12350  #netbus
$fwcmd add 10150 deny log tcp from any to any 23           # use ssh not telnet

#accept remaining
#$fwcmd add 6500 pass all from any to any

I have commented some stuff out, as i was monkeying with it.. I also have IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT and IPFIREWALL_FORWARD in the kernel.

Please someone help? Why doesn't this appear to work.. (the only thing i could do to stop ftp was comment it out in /etc/services)

I'm new to ipfw, and wouldn't mind if someone could help and or point me to resources that would help with this problem.

Thanks!
Curtis
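Added example, not part of Curtis's mail or of FreeBSD's rc.firewall: a small Python model of ipfw's first-match evaluation, run over a subset of the rules above. It assumes a packet is a dict with proto, src, dst, sport, dport, iface and an `established` flag standing in for ipfw's "TCP with ACK or RST set" test, and it shows where an inbound FTP SYN is decided with and without rule 110.

```python
import ipaddress
import re

# Subset of the poster's active rules, in ipfw syntax (constructed sample input).
RULES_TEXT = """\
100 divert natd all from any to any via xl0
110 pass all from any to any
130 pass tcp from any to any established
144 pass all from 10.0.0.0/3 to any
200 pass tcp from any to any 25
320 pass tcp from any to any 22
10000 deny log tcp from any to any 20-21
10155 deny log tcp from any to any 0-1024
"""
RULE_RE = re.compile(r"(\d+) (pass|deny|divert natd)(?: log)? (\w+) from (\S+)(?: (\d+(?:-\d+)?))?"
                     r" to (\S+)(?: (\d+(?:-\d+)?))?(?: via (\S+))?( established)?$")

def parse(text):
    rules = []
    for line in text.splitlines():
        num, action, proto, src, sp, dst, dp, via, est = RULE_RE.match(line).groups()
        rules.append((int(num), action, proto, src, sp, dst, dp, via, bool(est)))
    return sorted(rules, key=lambda r: r[0])  # ipfw orders by rule number, not by add order

def host_ok(spec, ip):
    # Note: 10.0.0.0/3 spans 0.0.0.0-31.255.255.255, far more than the 10/8 private block.
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_ok(spec, port):
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return port is not None and int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    _, _, proto, src, sp, dst, dp, via, est = rule
    return (proto in ("all", pkt["proto"]) and host_ok(src, pkt["src"]) and host_ok(dst, pkt["dst"])
            and port_ok(sp, pkt.get("sport")) and port_ok(dp, pkt.get("dport"))
            and (via is None or via == pkt["iface"]) and (not est or pkt.get("established", False)))

def first_match(rules, pkt):
    """Return (number, action) of the first terminal rule that matches. divert is skipped:
    natd reinjects the packet and the search resumes after the divert rule; 65535 is the default deny."""
    for rule in rules:
        if rule[1] != "divert natd" and matches(rule, pkt):
            return rule[0], rule[1]
    return 65535, "deny"

# Constructed sample: an inbound FTP control-connection SYN arriving on xl0.
FTP_SYN = {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.2", "sport": 40000, "dport": 21, "iface": "xl0"}
```

Running it shows rule 110 deciding the FTP SYN as pass before rule 10000 is ever consulted; drop 110 and the same packet is denied at 10000, which is why commenting out ftp in /etc/services was the only thing that seemed to help.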