Date: Mon, 11 Mar 2002 17:58:24 +0100
From: Paul Everlund <tdv94ped@cs.umu.se>
To: Peter Leppänen <pele02@handelsbanken.se>
Cc: questions@FreeBSD.ORG
Subject: Re: IPFW question!
Message-ID: <3C8CE22F.7C60ECF4@cs.umu.se>
References: <3.0.5.32.20020311102914.01130098@mail.sage-one.net>
> >Yes I understand that I have to modify the file if I like to have
> >additional services like ssh and ftp and so on.
> >
> >But the standard rc.firewall script, simple type should give me access to
> >DNS and HTTP.
> >
> >Is this not correct?

This rule allows everything from you, that is TCP, to set up connections.

    $fwcmd add allow tcp from any to any out via tun0 setup

This rule allows everything to and from you, that is TCP, and has an
established connection, a connection that has been set up.

    $fwcmd add allow tcp from any to any via tun0 established

This rule allows all to connect to your HTTP-server. Then the above rule
applies to this particular connection.

    $fwcmd add allow tcp from any to any 80 in via tun0 setup

These rules allow DNS-queries, in and out. You maybe have to change the
IP-address to suit your needs.

    $fwcmd add allow udp from any to 10.0.0.1 53 out via tun0
    $fwcmd add allow udp from any to 10.0.0.2 53 out via tun0
    $fwcmd add allow udp from 10.0.0.1 53 to any in via tun0
    $fwcmd add allow udp from 10.0.0.2 53 to any in via tun0

Some other rules can be handy, and if you would like to have my whole
ruleset, just let me know. Then you can take it from there and change it
to meet your own needs. If it's 100% correct though, I don't know, but I
haven't had any intrusions that I know of yet.

Best regards,
Paul
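The rules Paul walks through above, collected into a small script as an added example (this is not his ruleset and not the stock rc.firewall). The outside interface tun0 and the resolver addresses 10.0.0.1 and 10.0.0.2 are taken from the message; the FWCMD dry-run variable, the rule_count helper and the inbound_tcp_without_setup check are assumptions of this example, added so the rule set can be generated and sanity-checked on any POSIX shell without touching a live firewall.

```shell
#!/bin/sh
# Added example: generate the "simple"-style IPFW rules from the message.
# In /etc/rc.firewall the variable is fwcmd="/sbin/ipfw"; here it defaults
# to "echo ipfw" so each rule is printed instead of loaded (assumption of
# this example, override with FWCMD=/sbin/ipfw to apply for real).
fwcmd="${FWCMD:-echo ipfw}"

# rules_simple <outside-if> <dns1> <dns2>
# Emits one ipfw(8) "add allow" command per line, in the order given
# in the message.
rules_simple() {
    ifc="$1"; d1="$2"; d2="$3"

    # Outbound TCP: this host may open connections (SYN only, via "setup").
    $fwcmd add allow tcp from any to any out via "$ifc" setup

    # Packets of already-established TCP connections, both directions.
    $fwcmd add allow tcp from any to any via "$ifc" established

    # Inbound TCP to the local HTTP server; once accepted, the
    # "established" rule above carries the rest of the connection.
    $fwcmd add allow tcp from any to any 80 in via "$ifc" setup

    # DNS queries to the two resolvers and their replies.
    $fwcmd add allow udp from any to "$d1" 53 out via "$ifc"
    $fwcmd add allow udp from any to "$d2" 53 out via "$ifc"
    $fwcmd add allow udp from "$d1" 53 to any in via "$ifc"
    $fwcmd add allow udp from "$d2" 53 to any in via "$ifc"
}

# Number of rules the set produces (handy as a regression check when
# editing the script).
rule_count() {
    rules_simple "$@" | awk 'END { print NR }'
}

# Defensive sanity check: every rule that admits inbound TCP must carry
# "setup", otherwise it would pass arbitrary TCP packets rather than only
# connection attempts. Prints the number of offending rules (0 is good).
inbound_tcp_without_setup() {
    rules_simple "$@" | awk '/ tcp / && / in via / && !/ setup$/ { n++ } END { print n + 0 }'
}

# Stand-alone run: print the rule set for the addresses from the message.
rules_simple tun0 10.0.0.1 10.0.0.2
echo "rules: $(rule_count tun0 10.0.0.1 10.0.0.2)," \
     "inbound tcp rules missing setup: $(inbound_tcp_without_setup tun0 10.0.0.1 10.0.0.2)"
```

Run it with no environment set to see the seven commands; set FWCMD=/sbin/ipfw (as root, after an ipfw flush in a maintenance window) to load them. The inbound_tcp_without_setup check is the one worth keeping around when the set grows: a rule like "allow tcp from any to any 22 in via tun0" without "setup" silently widens what the firewall admits.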