From: Marc Silver
To: freebsd-security@freebsd.org
Subject: Firewall Rules
Date: Fri, 5 May 2000 08:09:28 +0200
Message-ID: <20000505080928.Q80532@draenor.org>
X-Operating-System: FreeBSD 3.4-STABLE

Hey all,

I am currently working on some documentation on ipfw and natd with ppp. The following rules are for a basic dialup firewall that will allow connections on port 80. Are these rules sound, and if not, how could they be improved? If possible, please reply to me, as I am not subscribed to FreeBSD-security. :)

Thanks,
Marc

fwcmd="/sbin/ipfw"

# start from an empty ruleset (-f: do not ask for confirmation)
$fwcmd -f flush

# hand every packet crossing the ppp link (tun0) to natd for address translation
$fwcmd add divert natd all from any to any via tun0

# loopback and the internal LAN interface are trusted
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0

# outbound TCP: let connection requests (SYN without ACK) leave on tun0,
# and let packets of established connections (ACK or RST set) cross tun0 either way
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established

# inbound TCP: accept and log connection requests to port 80
$fwcmd add pass log tcp from any to any 80 setup

# answer ident (113) lookups arriving on tun0 with a RST and log them
$fwcmd add reset log tcp from any to any 113 in recv tun0

# DNS: queries to and replies from the upstream nameserver(s);
# x.x.x.x stands for the real nameserver address, one line per server
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0

# both rules share number 65435 and are checked in the order they were added:
# allow all ICMP, then drop and log everything else
$fwcmd add 65435 allow icmp from any to any
$fwcmd add 65435 deny log ip from any to any
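One way to check what the posted ruleset does with a given packet, as an added example that is not part of the original post: a small first-match simulator in Python. It assumes classic ipfw semantics (setup = SYN without ACK, established = ACK set, pass = allow), treats the placeholder "x.x.x.x" as the upstream nameserver, and models the divert rule as non-terminating, with NAT itself not modelled.

```python
# Added example (not from the post). Assumptions: classic ipfw semantics, "x.x.x.x"
# is the upstream nameserver, divert is non-terminating (NAT itself is not modelled).
NS = "x.x.x.x"

def rule(action, proto, src=None, sport=None, dst=None, dport=None,
         iface=None, direction="via", setup=False, established=False):
    # direction: "via" (either way), "in" (in recv) or "out" (out xmit)
    return dict(action=action, proto=proto, src=src, sport=sport, dst=dst,
                dport=dport, iface=iface, direction=direction,
                setup=setup, established=established)

RULESET = [  # same order as in the post; "pass" is written "allow" here
    rule("divert", "ip", iface="tun0"),
    rule("allow", "ip", iface="lo0"),
    rule("allow", "ip", iface="fxp0"),
    rule("allow", "tcp", iface="tun0", direction="out", setup=True),
    rule("allow", "tcp", iface="tun0", established=True),
    rule("allow", "tcp", dport=80, setup=True),
    rule("reset", "tcp", dport=113, iface="tun0", direction="in"),
    rule("allow", "udp", dst=NS, dport=53, iface="tun0", direction="out"),
    rule("allow", "udp", src=NS, sport=53, iface="tun0", direction="in"),
    rule("allow", "icmp"),
    rule("deny", "ip"),
]

def pkt(proto, iface, direction, src="h1", sport=None, dst="h2", dport=None,
        syn=False, ack=False):
    # constructed packet summary holding only the fields the ruleset inspects
    return dict(proto=proto, iface=iface, direction=direction, src=src,
                sport=sport, dst=dst, dport=dport, syn=syn, ack=ack)

def matches(r, p):
    if r["proto"] != "ip" and r["proto"] != p["proto"]:
        return False
    if any(r[k] is not None and r[k] != p[k] for k in ("src", "sport", "dst", "dport")):
        return False
    if r["iface"] is not None and r["iface"] != p["iface"]:
        return False
    if r["direction"] != "via" and r["direction"] != p["direction"]:
        return False
    if r["setup"] and not (p["syn"] and not p["ack"]):   # setup: SYN without ACK
        return False
    if r["established"] and not p["ack"]:                # established: ACK set
        return False
    return True

def verdict(p):
    # action of the first matching terminating rule; ipfw's implicit default is deny
    for r in RULESET:
        if r["action"] != "divert" and matches(r, p):
            return r["action"]
    return "deny"
```

Feeding it the traffic the post cares about (inbound port 80, outbound connections, DNS to the nameserver) confirms the intended verdicts, and it also makes visible that the "established" rule accepts any inbound tun0 TCP packet with ACK set regardless of port.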