From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 19 11:32:05 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3F7A716A4BF
	for <freeBSD-Questions@FreeBSD.ORG>;
	Tue, 19 Aug 2003 11:32:05 -0700 (PDT)
Received: from ns2.foolishgames.net (ns2.foolishgames.net [216.93.162.119])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C954443F93
	for <freeBSD-Questions@FreeBSD.ORG>;
	Tue, 19 Aug 2003 11:32:04 -0700 (PDT)
	(envelope-from luke@foolishgames.com)
Received: from foolishgames.com (adsl-68-73-66-203.dsl.klmzmi.ameritech.net
	[68.73.66.203])	(authenticated bits=0)
	by ns2.foolishgames.net (8.12.9/8.12.9) with ESMTP id h7JIVxf7062633
	for <freeBSD-Questions@FreeBSD.ORG>;
	Tue, 19 Aug 2003 11:31:59 -0700 (PDT)
	(envelope-from luke@foolishgames.com)
Date: Tue, 19 Aug 2003 14:31:55 -0400
Mime-Version: 1.0 (Apple Message framework v552)
Content-Type: text/plain; charset=US-ASCII; format=flowed
From: Lucas Holt <luke@foolishgames.com>
To: freeBSD-Questions@FreeBSD.ORG
Content-Transfer-Encoding: 7bit
Message-Id: <68D72AEE-D273-11D7-A8D3-0030656DD690@foolishgames.com>
X-Mailer: Apple Mail (2.552)
Subject: Firewall rules for servers, UDP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2003 18:32:05 -0000

I want to setup a firewall (ipfw) on my freebsd 4.8 p3 server.  The 
machine runs web, ftp, ssh, dns, smtp, and imap to the outside world.  
Does anyone have any links to example rules for servers?  (I've already 
looked at the handbook and man file)

My problem lies in UDP rules.  I think I have TCP figured out.  My 
first attempt blocked off DNS queries from the machine outward.  I 
could query the DNS server, but apps could not do lookups.  i figure it 
has something to do with ports above 1024, but I'm not sure how to 
define a rule with multi ports in a range, plus I don't know how high 
to go above 1024.  Is this the right action?  Ideas on syntax?

Lucas Holt
Luke@FoolishGames.com
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and 
I'm not sure about the former."
- Albert Einstein (1879-1955)