Date: Tue, 18 Jan 2000 09:35:34 -0800 (PST)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: oogali@intranova.net (Omachonu Ogali)
Cc: briang@expnet.net (Brian Gallucci), isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: New Firewall
Message-ID: <200001181735.JAA48588@gndrsh.dnsmgr.net>
In-Reply-To: <Pine.BSF.4.10.10001181116020.131-100000@hydrant.intranova.net> from Omachonu Ogali at "Jan 18, 2000 11:22:27 am"

> The following rules can help if you are going to be running SMTP, HTTP,
> POP3, and HTTPS, delete what you don't need.
Allowing anything other than ``setup'' packets on these rules is a mistake...
>
> # -- Pass through for already established connections
> ipfw add allow tcp from any to any established
>
> # -- SMTP
> ipfw add allow tcp from any to x.x.x.x 25
                                            ^setup
>
> # -- HTTP
> ipfw add allow tcp from any to x.x.x.x 80
                                            ^setup
>
> # -- POP3
> ipfw add allow tcp from any to x.x.x.x 110
                                             ^setup
>
> # -- HTTPS
> ipfw add allow tcp from any to x.x.x.x 443
                                             ^setup
>
> # -- Allow setup of outgoing connections
> ipfw add allow tcp from x.x.x.x to any setup
>
> # -- Deny setup of other incoming connections
> ipfw add deny tcp from any to any setup
>
> # -- Deny other incoming IP packets.
> ipfw add deny ip from any to any
This should be the default rule and is not needed...
>
> Omachonu Ogali
> Intranova Networking Group
>
> On Tue, 18 Jan 2000, Brian Gallucci wrote:
>
> > We are looking at putting up a new firewall at one of our clients' sites
> > using FreeBSD 3-4. Are there any bugs we should know about with IPFW? They
> > will be doing some webhosting and email.
> >
> > Thanks
> > -Brian
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
>
--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net
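
Added example (not part of the original message, and not ipfw code): a toy first-match evaluator comparing the quoted rules with the ``setup''-annotated ones on a few constructed TCP packets. It assumes the ipfw(8) flag tests (established = RST or ACK set, setup = SYN without ACK) and a default deny rule; the client address and packet samples are made up for illustration.

```python
# Toy first-match evaluator for the TCP rules in this thread (not ipfw itself).
# Flag tests follow ipfw(8): established = RST or ACK set; setup = SYN without ACK.
SERVER = "x.x.x.x"            # placeholder address, as in the thread
OUTSIDE = "198.51.100.7"      # constructed sample client address
PORTS = (25, 80, 110, 443)

def matches(rule, pkt):
    _action, src, dst, port, opt = rule
    if src != "any" and src != pkt["src"]:
        return False
    if dst != "any" and dst != pkt["dst"]:
        return False
    if port is not None and port != pkt["dport"]:
        return False
    if opt == "established":
        return bool(pkt["flags"] & {"RST", "ACK"})
    if opt == "setup":
        return "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
    return True               # no option: any TCP packet matches

def ruleset(port_opt):
    """port_opt=None gives the quoted rules; 'setup' gives the annotated ones."""
    rules = [("allow", "any", "any", None, "established")]
    rules += [("allow", "any", SERVER, p, port_opt) for p in PORTS]
    rules += [("allow", SERVER, "any", None, "setup"),
              ("deny", "any", "any", None, "setup")]
    return rules

def verdict(rules, pkt):
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "deny"             # assumed default rule: deny ip from any to any

def packet(flags, dport, src=OUTSIDE, dst=SERVER):
    return {"src": src, "dst": dst, "dport": dport, "flags": set(flags)}

SAMPLES = {                   # constructed packets
    "SYN to 25": packet({"SYN"}, 25),
    "ACK to 25": packet({"ACK"}, 25),
    "FIN only to 25": packet({"FIN"}, 25),
    "no flags to 80": packet(set(), 80),
    "SYN to 22": packet({"SYN"}, 22),
}

def compare():
    quoted, annotated = ruleset(None), ruleset("setup")
    return {name: (verdict(quoted, p), verdict(annotated, p))
            for name, p in SAMPLES.items()}
```

compare() returns a (quoted, annotated) verdict pair per sample; only the packets that are neither a connection setup nor carry ACK/RST differ between the two rulesets.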
