Date: Fri, 5 May 2000 08:09:28 +0200
From: Marc Silver <marcs@draenor.org>
To: freebsd-security@freebsd.org
Subject: Firewall Rules
Message-ID: <20000505080928.Q80532@draenor.org>

Hey all,

I am currently working on some documentation on ipfw and natd with ppp. The following rules are for a basic dialup firewall that will allow connections on port 80. Are these rules sound, and if not, how could they be improved?

If possible, please reply to me, as I am not subscribed to FreeBSD-security. :)

Thanks,
Marc

fwcmd="/sbin/ipfw"

$fwcmd -f flush
$fwcmd add divert natd all from any to any via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established
$fwcmd add pass log tcp from any to any 80 setup
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
$fwcmd add 65435 allow icmp from any to any
$fwcmd add 65435 deny log ip from any to any

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
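
The following Python model is an added example, not part of the original message: it walks constructed packets through the posted rules in order and reports which rule decides each one. It assumes natd is running, does not model NAT address rewriting, lists the duplicated DNS lines once, and the names `trace` and `inbound` are illustrative.

```python
# Added example: simplified first-match trace of the ruleset posted above.
# Assumes natd is running (divert resumes at the next rule), ignores NAT
# rewriting; "x.x.x.x" is the redacted resolver exactly as posted.
TUN = {"iface": "tun0"}
RULES = [  # (action, fields that must match, rule text as posted)
    ("divert", TUN, "divert natd all from any to any via tun0"),
    ("allow", {"iface": "lo0"}, "allow ip from any to any via lo0"),
    ("allow", {"iface": "fxp0"}, "allow ip from any to any via fxp0"),
    ("allow", {**TUN, "proto": "tcp", "dir": "out", "tcp": "setup"},
     "allow tcp from any to any out xmit tun0 setup"),
    ("allow", {**TUN, "proto": "tcp", "tcp": "established"},
     "allow tcp from any to any via tun0 established"),
    ("allow", {"proto": "tcp", "dport": 80, "tcp": "setup"},
     "pass log tcp from any to any 80 setup"),
    ("reset", {**TUN, "proto": "tcp", "dport": 113, "dir": "in"},
     "reset log tcp from any to any 113 in recv tun0"),
    ("allow", {**TUN, "proto": "udp", "dst": "x.x.x.x", "dport": 53, "dir": "out"},
     "allow udp from any to x.x.x.x 53 out xmit tun0"),
    ("allow", {**TUN, "proto": "udp", "src": "x.x.x.x", "sport": 53, "dir": "in"},
     "allow udp from x.x.x.x 53 to any in recv tun0"),
    ("allow", {"proto": "icmp"}, "65435 allow icmp from any to any"),
    ("deny", {}, "65435 deny log ip from any to any"),
]

def trace(pkt):
    """Return (action, rule text) of the first terminal rule matching pkt."""
    for action, fields, text in RULES:
        if all(pkt.get(k) == v for k, v in fields.items()):
            if action == "divert":
                continue  # packet goes through natd, then resumes at next rule
            return action, text
    raise AssertionError("unreachable: the final deny rule matches everything")

def inbound(proto, dport=None, tcp=None, src="192.0.2.10", sport=40000):
    """Constructed packet arriving on the dial-up interface tun0."""
    return {"iface": "tun0", "dir": "in", "proto": proto, "dport": dport,
            "tcp": tcp, "src": src, "sport": sport}

if __name__ == "__main__":
    samples = {
        "SYN to port 80": inbound("tcp", 80, "setup"),
        "SYN to port 113": inbound("tcp", 113, "setup"),
        "SYN to port 22": inbound("tcp", 22, "setup"),
        "bare ACK to port 22 (no prior SYN)": inbound("tcp", 22, "established"),
        "UDP from port 53 of another host": inbound("udp", 1024, src="192.0.2.53", sport=53),
        "ICMP": inbound("icmp"),
    }
    for name, pkt in samples.items():
        print(f"{name:34} -> {trace(pkt)}")
```

The bare ACK is accepted because ipfw's `established` keyword matches on the TCP flags (ACK or RST set) rather than on tracked connection state.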