From: "Pedro Paulo Jr"
Date: Sun, 4 Jul 2004 20:05:48 -0300
Subject: Re: Server FW Rules

ipfw add 10 allow all from 10.0.0.0/24 to any
ipfw add 20 allow tcp from any to EXTERNAL_IP http
ipfw add 30 allow tcp from any to EXTERNAL_IP https
ipfw add 40 allow tcp from any to EXTERNAL_IP ssh
ipfw add 50 allow tcp from any to EXTERNAL_IP ftp
ipfw add deny all from any to any

-------------------------------------------------------------------------------------------------------

I have a webserver that I would like to get a good set of firewall rules for.
The only services that are running are http, https, ssh and ftp.
I also have a trusted internal adaptor at 10.0.0.100.

Thanks for your input,
Scott.
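
A stateful variant of the rules in this thread, as an added example that is not part of either original message. ipfw checks every packet, inbound or outbound, against the rules in numeric order and stops at the first match, so this version uses check-state and keep-state to let reply packets through. The script only prints the commands; the rule numbers, the lo0 rule, the outbound rule and the address 192.0.2.10 (a documentation placeholder for EXTERNAL_IP) are assumptions.

```sh
#!/bin/sh
# Added example: prints a stateful ipfw ruleset for review; nothing is applied.
# Rule numbers, the lo0 rule and the outbound rule are assumptions.

n=0
emit() {                       # print one numbered "ipfw add" command
    n=$((n + 100))
    echo "ipfw add $n $*"
}

gen_rules() {
    ext_ip="$1"                # public address of the web server
    lan="$2"                   # trusted internal network
    n=0
    # Local traffic on the loopback interface is always allowed.
    emit allow ip from any to any via lo0
    # Packets belonging to an already tracked flow match here.
    emit check-state
    # Trusted internal network; keep-state admits the replies.
    emit allow ip from "$lan" to any keep-state
    # Published services: only a TCP SYN (setup) may open a new flow.
    for svc in http https ssh ftp; do
        emit allow tcp from any to "$ext_ip" "$svc" setup keep-state
    done
    # Connections the server itself starts (DNS lookups, updates).
    emit allow ip from "$ext_ip" to any keep-state
    # Everything else is dropped.
    emit deny ip from any to any
}

# Print the ruleset for the placeholder address unless EXTERNAL_IP is set.
gen_rules "${EXTERNAL_IP:-192.0.2.10}" "10.0.0.0/24"
```

Review the printed commands, then pipe them to sh as root on the FreeBSD host to load them. The ftp rule covers only the control connection on port 21; passive-mode data ports would need a rule of their own.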