Date: Tue, 1 Jun 2004 00:38:10 -0700 (PDT)
From: bryan cassidy <linux_kinda_guy@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: IPFW Ruleset Help
Message-ID: <20040601073810.72095.qmail@web21504.mail.yahoo.com>
Hello. Running FreeBSD 4.10. After I reboot with my new ipfw.rules I can't load any webpages. I didn't try by IP address because I can't remember any off the top of my head at the moment. Here is my setup.

In my kernel I have:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPSTEALTH

In my rc.conf I have:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging_enable="YES"
icmp_drop_redirect="YES"
log_in_vain="YES"
tcp_drop_sysfin="YES"
tcp_restrict_rst="YES"

In my /etc/ipfw.rules I have:

add 00300 deny log tcp from any to any 515 in recv xl0
add 00301 deny tcp from any to any 7101 in recv xl0
add 00302 deny log tcp from any to any 6000 in recv xl0
add 00303 allow log tcp from any to any 113 in recv xl0 setup
# DNS
add 00310 allow tcp from 205.152.133.254 to any in recv xl0
add 00311 allow tcp from 205.152.132.235 to any in recv xl0
add 00320 allow udp from 205.152.133.254 53 to any in recv xl0
add 00321 allow udp from 205.152.132.235 53 to any in recv xl0
# Deny below port 1000
add 00399 deny log tcp from any to any 0-1000 in recv xl0 setup
# Ntpdate
add 00403 allow udp from any 123 to any 123 in recv xl0
# Deny UDP connections
add 00499 deny log udp from any to any in recv xl0
# Log netbus ( haha )
add 00500 deny log tcp from any to any 12345 in recv xl0
add 00501 deny log tcp from any to any 20034 in recv xl0
# Let my ISP ping me!
add 00600 allow icmp from 205.152.133.254 to any in recv xl0
add 00601 allow icmp from 205.152.132.235 to any in recv xl0
# Log ICMP echos and dest
add 00610 allow log icmp from any to any in recv xl0 icmptype 3
add 00610 allow log icmp from any to any in recv xl0 icmptype 8

First, the things I will be running: I will be running Apache+PHP later on when I get my box more secure, but for now I will be running Postfix for my MTA. I want to be able to send and receive e-mails and any other *basic* things everyone would want on an everyday basis, ya know?
If I left out anything that would be helpful please let me know and I will post it to the list. Thanks in advance.
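An added example (editor's code, not the poster's): a small model of ipfw's first-match evaluation run over a subset of the rules quoted above, to show which rule a given packet stops at. It assumes those rules are what is actually loaded and that the kernel's closing rule 65535 is deny, because the kernel options shown do not include IPFIREWALL_DEFAULT_TO_ACCEPT; the two IP addresses in the sample packets are constructed.

```python
import re

# Subset of the ruleset quoted in the message (rule 303's "inr ecv" read as "in recv").
RULES = """
add 00300 deny log tcp from any to any 515 in recv xl0
add 00303 allow log tcp from any to any 113 in recv xl0 setup
add 00310 allow tcp from 205.152.133.254 to any in recv xl0
add 00320 allow udp from 205.152.133.254 53 to any in recv xl0
add 00399 deny log tcp from any to any 0-1000 in recv xl0 setup
add 00499 deny log udp from any to any in recv xl0
add 00600 allow icmp from 205.152.133.254 to any in recv xl0
add 00610 allow log icmp from any to any in recv xl0 icmptype 8
"""

# Grammar covering only the keywords that ruleset uses.
PAT = re.compile(
    r"add (\d+) (allow|deny)(?: log)? (tcp|udp|icmp) from (\S+)(?: (\d+(?:-\d+)?))?"
    r" to (\S+)(?: (\d+(?:-\d+)?))? (in|out) recv (\S+)(?: (setup))?(?: icmptype (\d+))?$")

def parse(text):
    return [PAT.match(line).groups() for line in text.strip().splitlines()]

def port_ok(spec, port):
    """spec is None (no port given), "N" or "LO-HI"."""
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    _, _, proto, src, sport, dst, dport, direction, iface, setup, itype = rule
    return (proto == pkt["proto"]
            and src in ("any", pkt["src"]) and dst in ("any", pkt["dst"])
            and port_ok(sport, pkt.get("sport", 0)) and port_ok(dport, pkt.get("dport", 0))
            and direction == pkt["dir"] and iface == pkt["iface"]
            and (setup is None or pkt.get("setup", False))   # setup = SYN without ACK
            and (itype is None or int(itype) == pkt.get("icmptype")))

def evaluate(pkt, rules=None):
    """First match wins; otherwise fall through to the kernel's closing rule 65535."""
    for rule in rules or parse(RULES):
        if matches(rule, pkt):
            return rule[1], int(rule[0])
    return "deny", 65535   # assumption: kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT

HOST = "203.0.113.5"   # constructed address for the FreeBSD box
WEB = "198.51.100.7"   # constructed address for some web server

if __name__ == "__main__":
    # Outbound SYN for a web page: every rule says "in", so nothing matches and 65535 applies.
    print(evaluate({"proto": "tcp", "src": HOST, "sport": 50000, "dst": WEB, "dport": 80, "dir": "out", "iface": "xl0", "setup": True}))
    # The server's reply is not a setup packet and has a high destination port, so it also falls through.
    print(evaluate({"proto": "tcp", "src": WEB, "sport": 80, "dst": HOST, "dport": 50000, "dir": "in", "iface": "xl0"}))
```

The same evaluator shows a DNS answer from 205.152.133.254 port 53 stopping at rule 320 (allow) and an inbound SYN to port 80 stopping at rule 399 (deny), which is the ordinary way to read an ipfw ruleset before rebooting with it.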
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040601073810.72095.qmail>