Date: Thu, 16 May 2002 14:58:21 -0700 (PDT)
From: Patrick Thomas <root@utility.clubscholarship.com>
To: <freebsd-questions@freebsd.org>
Subject: quick ipfw ruleset advice needed...
Message-ID: <20020516144842.B79837-100000@utility.clubscholarship.com>
I have a single machine behind my firewall. On that machine I would like to do this:

1. allow incoming sshd connections
2. allow incoming identd requests
3. block ALL other requests coming into my server
4. be able to use any client programs from my server going outwards (bitchx, ftp, ssh, lynx, mud client, etc)

so I came up with this:

00100 allow tcp from any to [my IP] 22     # incoming sshd
00101 allow tcp from any to [my IP] 113    # incoming identd
00102 allow udp from any to [my IP] 113    # incoming identd
00103 deny all from any to [my IP]

This sort of works. I can ssh _to_ my machine and log in, and I can get identd to respond, but:

- I cannot ssh from that machine to other places
- I cannot use things like lynx and bitchx

So, how do I accomplish this? How can I ssh out and have return packets coming in at high numbered ports and not block them?

I suppose I could change the deny line to deny on ports 0-1024 ... so then I could use clients like lynx, but how do I protect myself against some server that starts itself up and answers on a high port and I don't notice it is there (as the result of an attack or intrusion or trojan)?

thanks!

pt
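The following is an added example, not part of the original message or of the FreeBSD project. It shows the usual answer to the question above: instead of opening the high ports, let the firewall tell new connections apart from return traffic. In ipfw the keyword "setup" matches only the SYN that opens a TCP connection, "established" matches packets that already belong to a session (ACK or RST set), and "keep-state" together with "check-state" remembers each connection this host opens so its replies are accepted regardless of the local port. A trojan listening on a high port is still unreachable, because opening a connection to it needs a bare SYN, which only rules 00100 and 00101 accept. The script assumes a placeholder address of 192.0.2.10 (set MYIP to the real one), an ipfw with dynamic rules (FreeBSD 4.x and later), and that the rules are loaded from a file with "ipfw -q file", where each line is an ipfw command without the leading "ipfw" word.

```shell
#!/bin/sh
# Added example: stateful ipfw ruleset for one host that runs sshd and
# identd and otherwise only makes outbound client connections.
# Assumption (not from the post): MYIP is this host's address.

MYIP="${MYIP:-192.0.2.10}"   # documentation-range placeholder; replace it

# Print the ruleset, one "add" command per line, in the format that
# "ipfw -q <file>" reads.  Rules are evaluated in number order; the first
# match decides.
ipfw_rules() {
    # Dynamic rules created by keep-state below are consulted here, so
    # replies to connections this host opened pass before anything else.
    echo "add 00050 check-state"
    # Inbound services.  "setup" matches only a SYN without ACK, i.e. the
    # packet that opens a new connection, so these are the only two ports a
    # remote host can connect to.  ident (RFC 1413) is TCP only, so the
    # "udp ... 113" rule from the post is not needed.
    echo "add 00100 allow tcp from any to $MYIP 22 setup"
    echo "add 00101 allow tcp from any to $MYIP 113 setup"
    # Outbound clients (ssh, lynx, bitchx, mud client, ...): this host may
    # open TCP connections, and each one is remembered so the return packets
    # to the high-numbered local port match the check-state rule above.
    echo "add 00200 allow tcp from $MYIP to any setup keep-state"
    # Outbound UDP, mostly DNS lookups; the reply matches the dynamic rule.
    echo "add 00201 allow udp from $MYIP to any keep-state"
    # Fallback for packets of an already open TCP session whose dynamic rule
    # has expired (ACK or RST set).  A SYN aimed at a port some trojan has
    # started listening on never matches "established".
    echo "add 00202 allow tcp from any to any established"
    # Everything else arriving at this host is dropped.  "log" only writes
    # anything when the kernel has IPFIREWALL_VERBOSE and
    # net.inet.ip.fw.verbose=1.  Outbound traffic that is neither TCP nor
    # UDP falls through to the default rule 65535, whose policy depends on
    # whether the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT.
    echo "add 00300 deny log all from any to $MYIP"
}

# List the TCP ports a remote host is allowed to open a connection to,
# i.e. the only ports at which a listening trojan would be reachable.
# Field layout of a rule line:
#   add 00100 allow tcp from any to 192.0.2.10 22 setup
#    1    2     3    4   5    6   7      8      9   10
inbound_setup_ports() {
    ipfw_rules | awk -v ip="$MYIP" \
        '$3 == "allow" && $4 == "tcp" && $6 == "any" && $8 == ip && $10 == "setup" { print $9 }'
}

# Replace the running ruleset with the one above (needs root on FreeBSD).
ipfw_apply() {
    tmp="$(mktemp)" || return 1
    ipfw_rules > "$tmp"
    ipfw -q -f flush && ipfw -q "$tmp"
    status=$?
    rm -f "$tmp"
    return "$status"
}

case "${1:-}" in
    apply) ipfw_apply ;;
    show)  ipfw_rules ;;
    ports) inbound_setup_ports ;;
    *)     : ;;   # no argument: only define the functions
esac
```

Run it as "sh rules.sh show" to review the ruleset, "sh rules.sh ports" to confirm that 22 and 113 are the only ports open to new connections, and "sh rules.sh apply" as root to load it. Two caveats a practitioner would want: the "established" fallback lets packets with ACK set reach any port, so an ACK scan can map the ruleset even though no connection can be opened through it; and active-mode FTP needs the server to open a new connection from port 20 back to a high port on this host, which rule 00300 denies, so use passive mode for ftp.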