From: Scott Stahl
Date: Sun, 04 Jul 2004 17:45:50 -0600
To: 'Pedro Paulo Jr', freebsd-ipfw@freebsd.org
Subject: RE: Server FW Rules

These rules don't seem to work. The internal 10.0.0.100 works though.
If I issue an IPFW DISABLE FIREWALL all seems to work.

Thanks,
Scott.

-----Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Pedro Paulo Jr
Sent: Sunday, July 04, 2004 5:06 PM
To: freebsd-ipfw@freebsd.org
Subject: Re: Server FW Rules

ipfw add 10 allow all from 10.0.0.0/24 to any
ipfw add 20 allow tcp from any to EXTERNAL_IP http
ipfw add 30 allow tcp from any to EXTERNAL_IP https
ipfw add 40 allow tcp from any to EXTERNAL_IP ssh
ipfw add 50 allow tcp from any to EXTERNAL_IP ftp
ipfw add deny all from any to any

----------------------------------------------------------------------------

I have a webserver that I would like to get a good set of firewall rules
for. The only services that are running are http, https, ssh and ftp. I also
have a trusted internal adaptor at 10.0.0.100.

Thanks for your input,
Scott.
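
Added example, not part of the original thread: a small first-match model of the ruleset posted above, run over constructed packets, to show which rule each direction of a connection hits. ipfw stops at the first matching rule, and a rule without in/out is checked for packets in both directions. Assumptions: 203.0.113.10 stands in for EXTERNAL_IP, the final deny is given the constructed number 60, and only the fields the posted rules use are modelled.

```python
import ipaddress

EXTERNAL_IP = "203.0.113.10"   # constructed placeholder for EXTERNAL_IP
PORTS = {"http": 80, "https": 443, "ssh": 22, "ftp": 21}

# (number, action, proto, src, dst, dst_port), following the posted rules
RULES = [
    (10, "allow", "all", "10.0.0.0/24", "any", None),
    (20, "allow", "tcp", "any", EXTERNAL_IP, PORTS["http"]),
    (30, "allow", "tcp", "any", EXTERNAL_IP, PORTS["https"]),
    (40, "allow", "tcp", "any", EXTERNAL_IP, PORTS["ssh"]),
    (50, "allow", "tcp", "any", EXTERNAL_IP, PORTS["ftp"]),
    (60, "deny", "all", "any", "any", None),  # final deny; number is constructed
]

def addr_match(spec, ip):
    """True if ip falls inside spec ('any', a host address, or a CIDR block)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(proto, src, sport, dst, dport):
    """Return (rule number, action) of the first rule the packet matches."""
    for num, action, rproto, rsrc, rdst, rdport in RULES:
        if rproto not in ("all", proto):
            continue
        if not (addr_match(rsrc, src) and addr_match(rdst, dst)):
            continue
        if rdport is not None and rdport != dport:
            continue
        return num, action
    return None  # not reached: rule 60 matches every packet

# Constructed sample packets: (proto, src, src_port, dst, dst_port)
CLIENT = "198.51.100.7"
PACKETS = {
    "client SYN to web server": ("tcp", CLIENT, 40000, EXTERNAL_IP, 80),
    "server SYN-ACK to client": ("tcp", EXTERNAL_IP, 80, CLIENT, 40000),
    "LAN host to internal adaptor": ("tcp", "10.0.0.5", 40001, "10.0.0.100", 22),
    "internal adaptor reply to LAN": ("tcp", "10.0.0.100", 22, "10.0.0.5", 40001),
    "server DNS query": ("udp", EXTERNAL_IP, 50000, "192.0.2.53", 53),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:30} -> rule {evaluate(*pkt)}")
```

In this model the inbound request is accepted by rule 20, while the reply sourced from EXTERNAL_IP matches none of the allow rules and reaches the final deny; both directions of LAN traffic match rule 10.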