Date: Sun, 20 Feb 2005 13:04:50 -0600
From: "Paul Schmehl" <pauls@utdallas.edu>
To: "SigmaX" <scottclansman@cwazy.co.uk>, <freebsd-questions@freebsd.org>
Subject: Re: IPFW config
Message-ID: <011e01c5177f$0e520970$6702a8c0@George>
References: <421A21F4.1050509@cwazy.co.uk>
----- Original Message -----
From: "SigmaX" <scottclansman@cwazy.co.uk>
To: <freebsd-questions@freebsd.org>
Sent: Monday, February 21, 2005 12:01 PM
Subject: IPFW config
>
> Set IPFW to allow traffic on ports 80, 10000, and 23 (That's the default
> SSH port, right?)
> Then start IPFW with the kernel module (I know how to do this)
>
# Fragment in the style of /etc/rc.firewall; setup_loopback is the helper
# that file provides, reproduced here so the snippet stands on its own.
fwcmd=/sbin/ipfw
myip=x.x.x.x
mymask=255.255.255.0
setup_loopback () {
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}
setup_loopback
# Allow icmp (echo reply/request, unreachable, time exceeded,
# parameter problem, timestamp request/reply)
${fwcmd} add pass icmp from any to any icmptypes 0,3,8,11,12,13,14 via xl0
# Setup dynamic rules: consult the dynamic table first, then drop TCP
# segments that are neither a connection setup nor part of a known flow
${fwcmd} add check-state
${fwcmd} add deny tcp from any to any via xl0 established
# Allow outbound UDP (e.g. DNS queries); keep-state admits the replies
${fwcmd} add allow udp from ${myip} to any via xl0 keep-state
${fwcmd} add deny udp from any to any
# Allow all outbound TCP connections (setup matches the initial SYN)
${fwcmd} add allow ip from ${myip} to any via xl0 setup keep-state
# Allow inbound http, ssh and port 10000
${fwcmd} add allow tcp from any to ${myip} http via xl0 setup keep-state
${fwcmd} add allow tcp from any to ${myip} ssh via xl0 setup keep-state
${fwcmd} add allow tcp from any to ${myip} 10000 via xl0 setup keep-state
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag via xl0
# Deny everything else
${fwcmd} add deny ip from any to any via xl0
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/