Date: Fri, 27 Oct 2000 19:21:11 -0400
From: "Peter Brezny" <peter@sysadmin-inc.com>
To: <freebsd-security@freebsd.org>
Subject: input on ipfw ruleset desired
Message-ID: <000d01c0406c$98a88340$47010a0a@fire.sysadmininc.com>

Hello everyone,

If you have the time, please have a look at the ruleset below and let me know if I've missed something. I want to protect an internal network with this. If there is any tweaking that could be done to tighten it up or make it more efficient, I'd welcome the input.

Thanks for your comments.

Peter Brezny
SysAdmin Services Inc.

a.b.c.d = external ip
w.x.y.z/24 = private inside ip range
oif = outside interface
iif = inside interface

divert ip from any to any via oif
check-state
allow ip from a.b.c.d to any keep-state out xmit oif
allow ip from w.x.y.z/24 to any keep-state in recv iif
allow tcp from NS1 to a.b.c.d 53 keep-state
allow tcp from any to a.b.c.d 22,25,80,443 keep-state
deny log logamount 50 ip from any to any
deny ip from any to any

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000d01c0406c$98a88340$47010a0a>