Date:      Fri, 6 May 2005 08:32:28 -0400
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "Иванов Илья" <peanky@mail.ru>, <questions@FreeBSD.org>
Subject:   RE: IPFW: 24.6.5.7 An Example NAT and Stateful Ruleset
Message-ID:  <MIEPLLIBMLEEABPDBIEGMEDMHEAA.fbsd_user@a1poweruser.com>
In-Reply-To: <843429403.20050506140126@mail.ru>

If you remove those 2 rules your firewall is completely open.
This means you will be deactivating your firewall protection.

You have to describe your environment in detail and post rc.conf,
ipf.rules, and dmesg.boot files for people to look at.
Just saying you cannot get to the public internet does not mean
anything; you have to state just what you are trying to do.
When you run a test, look at the firewall log file to see what IP
address and port numbers you are logging.
This will give you pointers into the true nature of your problem.

From what you posted I would say you do not know what you are doing
and that ipfw is not the firewall for you.
IPFILTER is more likely better suited to your knowledge level.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Иванов Илья
Sent: Friday, May 06, 2005 6:01 AM
To: questions@FreeBSD.org
Subject: IPFW: 24.6.5.7 An Example NAT and Stateful Ruleset


Hello! I read the article
(http://freebsd.vinf.ru/doc/en/books/handbook/firewalls-ipfw.html)
and use your example from the "An Example NAT and Stateful Ruleset"
part.
So, when I use this script for ipfw, I am not able to use the
internet,
but if I disable rules 400 and 450 I can use the internet.

I use FreeBSD 4.10, nat, ipfw, squid.

# Reject & Log all unauthorized incoming connections from the public Internet
$cmd 400 deny log all from any to any in via $pif

# Reject & Log all unauthorized outgoing connections to the public Internet
$cmd 450 deny log all from any to any out via $pif

My question is: can I use this script for ipfw without rules 400 and
450, or is that a potential threat to the security of my system?

Maybe you can give me a link to any article about this?

With best regards, Ivanov Ilya.
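
The advice at the top of this thread, to read the firewall log for the addresses and ports being denied, can be scripted. The following is an added example, not part of either e-mail or of the Handbook ruleset: a shell function that tallies ipfw Deny entries by rule number, direction, protocol and destination port. The log line layout, the host name gw, the interface rl0 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally ipfw "Deny" log entries so that hits on the
# catch-all rules 400 (inbound) and 450 (outbound) show which traffic
# the ruleset has no allow rule for.
# Assumed log layout (kernel ipfw logging via syslog):
#   <date> <host> /kernel: ipfw: <rule> Deny <proto> <src> <dst> <in|out> via <if>

summarize_ipfw_denies() {
    # Reads log lines on stdin; prints "<count> <rule> <dir> <proto> <dst-port>".
    awk '
    {
        # Find the "ipfw:" token; the syslog prefix is not fixed-width.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        rule = $(i + 1); proto = $(i + 3); dst = $(i + 5); dir = $(i + 6)
        # TCP/UDP addresses are logged as ip:port; ICMP has no port.
        n = split(dst, part, ":")
        port = (n == 2) ? part[2] : "-"
        count[rule " " dir " " proto " " port]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log() {
    # Constructed sample lines (documentation address ranges, not real traffic).
    cat <<'EOF'
May  6 08:30:01 gw /kernel: ipfw: 450 Deny TCP 192.0.2.20:1045 203.0.113.5:80 out via rl0
May  6 08:30:02 gw /kernel: ipfw: 450 Deny TCP 192.0.2.20:1046 203.0.113.5:80 out via rl0
May  6 08:30:03 gw /kernel: ipfw: 450 Deny UDP 192.0.2.20:1047 198.51.100.53:53 out via rl0
May  6 08:30:05 gw /kernel: ipfw: 100 Accept TCP 192.0.2.20:1050 203.0.113.9:22 out via rl0
May  6 08:30:09 gw /kernel: ipfw: 400 Deny TCP 198.51.100.7:4312 192.0.2.20:445 in via rl0
May  6 08:30:11 gw /kernel: ipfw: 400 Deny ICMP:8.0 198.51.100.7 192.0.2.20 in via rl0
May  6 08:30:12 gw su: constructed non-firewall line
EOF
}

sample_log | summarize_ipfw_denies
```

On a stock FreeBSD syslog setup the input would typically be /var/log/security. Repeated hits on rule 450 for one destination port point to a missing outbound allow rule for that service rather than a reason to drop the deny rules.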


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"


