Date:      Tue, 18 Jan 2000 10:28:44 -0600 (CST)
From:      Marius Strom <marius@alpha1.net>
To:        Omachonu Ogali <oogali@intranova.net>
Cc:        Brian Gallucci <briang@expnet.net>, isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: New Firewall
Message-ID:  <Pine.BSF.4.21.0001181028120.2429-100000@marius.org>
In-Reply-To: <Pine.BSF.4.10.10001181116020.131-100000@hydrant.intranova.net>

Incidentally, you may want to allow (udp|tcp)/53 for DNS services inbound,
if that's necessary. (It's fumbled many a new FW setup.)

-- 
Marius Strom <marius@alpha1.net>
Professional Geek/Unix System Administrator
Alpha1 Internet <http://www.alpha1.net>
http://www.marius.org/marius.pgp 0x5645C228

In theory, there is no difference between theory and practice...
...In practice, there is a big difference.

On Tue, 18 Jan 2000, Omachonu Ogali wrote:

> The following rules can help if you are going to be running SMTP, HTTP,
> POP3, and HTTPS; delete what you don't need.
> 
> # -- Pass through for already established connections
> ipfw add allow tcp from any to any established
> 
> # -- SMTP
> ipfw add allow tcp from any to x.x.x.x 25
> 
> # -- HTTP
> ipfw add allow tcp from any to x.x.x.x 80
> 
> # -- POP3
> ipfw add allow tcp from any to x.x.x.x 110
> 
> # -- HTTPS
> ipfw add allow tcp from any to x.x.x.x 443
> 
> # -- Allow setup of outgoing connections
> ipfw add allow tcp from x.x.x.x to any setup
> 
> # -- Deny setup of other incoming connections
> ipfw add deny tcp from any to any setup
> 
> # -- Deny other incoming IP packets.
> ipfw add deny ip from any to any
> 
> Omachonu Ogali
> Intranova Networking Group
> 
> On Tue, 18 Jan 2000, Brian Gallucci wrote:
> 
> > We are looking at putting up a new firewall at one of our clients' sites
> > using FreeBSD 3-4. Are there any bugs we should know about with IPFW? They
> > will be doing some webhosting and email.
> > 
> > Thanks
> > -Brian
> > 
> > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> > 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
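
Added example, not part of the original messages: a small first-match evaluator for the subset of ipfw syntax used in the quoted ruleset, showing that inbound DNS on 53 is dropped by the final deny rules and that the two DNS rules only help when they sit ahead of those denies (an `ipfw add` without a rule number appends after the existing rules). The address 192.0.2.10 standing in for x.x.x.x, the remote address, and the function names are assumptions made for the illustration.

```python
# Added illustration: first-match evaluation of the ipfw subset in the quoted ruleset.
SERVER = "192.0.2.10"  # constructed address standing in for the x.x.x.x placeholder

QUOTED = [r.replace("x.x.x.x", SERVER) for r in (
    "allow tcp from any to any established",
    "allow tcp from any to x.x.x.x 25",
    "allow tcp from any to x.x.x.x 80",
    "allow tcp from any to x.x.x.x 110",
    "allow tcp from any to x.x.x.x 443",
    "allow tcp from x.x.x.x to any setup",
    "deny tcp from any to any setup",
    "deny ip from any to any",
)]
DNS = [f"allow udp from any to {SERVER} 53", f"allow tcp from any to {SERVER} 53"]

def parse(rule):
    """Split 'action proto from SRC to DST [port] [established|setup]'."""
    action, proto, _, src, _, dst, *rest = rule.split()
    port = int(rest.pop(0)) if rest and rest[0].isdigit() else None
    return action, proto, src, dst, port, (rest[0] if rest else None)

def verdict(rules, proto, src, dst, dport, flags=frozenset()):
    """Return (action, rule) for the first rule that matches the packet."""
    for rule in rules:
        action, rproto, rsrc, rdst, rport, opt = parse(rule)
        if rproto not in ("ip", proto):
            continue
        if rsrc not in ("any", src) or rdst not in ("any", dst):
            continue
        if rport is not None and rport != dport:
            continue
        if opt == "established" and not flags & {"ACK", "RST"}:
            continue  # 'established' needs ACK or RST set
        if opt == "setup" and ("SYN" not in flags or "ACK" in flags):
            continue  # 'setup' needs SYN set and ACK clear
        return action, rule
    return "deny", "(no match; closed default assumed)"

def dns_before_denies(rules):
    """Place the DNS rules ahead of the first deny so they can be reached."""
    i = next(n for n, r in enumerate(rules) if r.startswith("deny"))
    return rules[:i] + DNS + rules[i:]

if __name__ == "__main__":
    query = ("udp", "198.51.100.7", SERVER, 53)          # constructed packet
    syn = ("tcp", "198.51.100.7", SERVER, 53, {"SYN"})   # constructed packet
    rulesets = (("quoted", QUOTED), ("appended", QUOTED + DNS),
                ("before denies", dns_before_denies(QUOTED)))
    for name, rs in rulesets:
        print(name, verdict(rs, *query)[0], verdict(rs, *syn)[0])
```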



