From owner-freebsd-ipfw Tue Jan 18 9:37:55 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mail.alpha1.net (mail.alpha1.net [216.88.112.3])
	by hub.freebsd.org (Postfix) with ESMTP
	id 00B2314C07; Tue, 18 Jan 2000 09:37:47 -0800 (PST)
	(envelope-from marius@alpha1.net)
Received: from marius.org (marius@marius.org [216.88.115.170])
	by mail.alpha1.net (8.9.3/8.9.3) with ESMTP id KAA01393;
	Tue, 18 Jan 2000 10:28:45 -0600
Date: Tue, 18 Jan 2000 10:28:44 -0600 (CST)
From: Marius Strom
X-Sender: marius@marius.org
To: Omachonu Ogali
Cc: Brian Gallucci, isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: New Firewall
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Incidentally, you may want to allow (udp|tcp)/53 for DNS services inbound,
if that's necessary. ( It's fumbled many a new FW setup )

--
Marius Strom
Professional Geek/Unix System Administrator
Alpha1 Internet
http://www.marius.org/marius.pgp 0x5645C228

In theory, there is no difference between theory and practice...
...In practice, there is a big difference.

On Tue, 18 Jan 2000, Omachonu Ogali wrote:

> The following rules can help if you are going to be running SMTP, HTTP,
> POP3, and HTTPS, delete what you don't need.
>
> # -- Pass through for already established connections
> ipfw add allow tcp from any to any established
>
> # -- SMTP
> ipfw add allow tcp from any to x.x.x.x 25
>
> # -- HTTP
> ipfw add allow tcp from any to x.x.x.x 80
>
> # -- POP3
> ipfw add allow tcp from any to x.x.x.x 110
>
> # -- HTTPS
> ipfw add allow tcp from any to x.x.x.x 443
>
> # -- Allow setup of outgoing connections
> ipfw add allow tcp from x.x.x.x to any setup
>
> # -- Deny setup of other incoming connections
> ipfw add deny tcp from any to any setup
>
> # -- Deny other incoming IP packets.
> ipfw add deny ip from any to any
>
> Omachonu Ogali
> Intranova Networking Group
>
> On Tue, 18 Jan 2000, Brian Gallucci wrote:
>
> > We are looking at putting up a new firewall at one of our client's sites
> > using FreeBSD 3-4. Are there any bugs we should know about with IPFW? They
> > will be doing some webhosting and email.
> >
> > Thanks
> > -Brian
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
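
The DNS point from the reply, as an added example that is not part of the original thread: a small first-match model of the quoted rule list, showing that inbound udp/53 and tcp/53 fall through to the deny rules until allow rules are placed ahead of them. The addresses 192.0.2.10 (standing in for x.x.x.x) and 198.51.100.7 are constructed, and the matcher models only protocol, addresses, destination port and the setup/established TCP options.

```python
# Added illustration; SERVER is a constructed stand-in for the thread's "x.x.x.x".
SERVER = "192.0.2.10"

# (action, proto, src, dst, dst_port, tcp_option); None means "any".
QUOTED_RULES = [
    ("allow", "tcp", None, None, None, "established"),
    ("allow", "tcp", None, SERVER, 25, None),
    ("allow", "tcp", None, SERVER, 80, None),
    ("allow", "tcp", None, SERVER, 110, None),
    ("allow", "tcp", None, SERVER, 443, None),
    ("allow", "tcp", SERVER, None, None, "setup"),
    ("deny", "tcp", None, None, None, "setup"),
    ("deny", "ip", None, None, None, None),
]

# DNS rules as suggested in the reply; they must sit before the deny rules.
DNS_RULES = [
    ("allow", "udp", None, SERVER, 53, None),
    ("allow", "tcp", None, SERVER, 53, None),
]
WITH_DNS = QUOTED_RULES[:5] + DNS_RULES + QUOTED_RULES[5:]

def flags_match(option, flags):
    """ipfw 'setup' = SYN without ACK; 'established' = ACK or RST set."""
    if option == "setup":
        return "S" in flags and "A" not in flags
    if option == "established":
        return "A" in flags or "R" in flags
    return True

def evaluate(rules, proto, src, dst, dport, flags=""):
    """Return (action, rule_index) of the first rule matching the packet."""
    for index, (action, r_proto, r_src, r_dst, r_port, option) in enumerate(rules):
        if r_proto != "ip" and r_proto != proto:
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port not in (None, dport):
            continue
        if option and (proto != "tcp" or not flags_match(option, flags)):
            continue
        return action, index
    return "deny", None  # assumption: a closed default policy

CLIENT = "198.51.100.7"  # constructed sample source address
for name, rules in (("quoted", QUOTED_RULES), ("with DNS", WITH_DNS)):
    print(name, "udp/53:", evaluate(rules, "udp", CLIENT, SERVER, 53))
    print(name, "tcp/53 SYN:", evaluate(rules, "tcp", CLIENT, SERVER, 53, "S"))
```

The index in each result is the position of the matching rule in the list, which shows which deny rule catches each kind of DNS packet in the quoted set.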