Date:      Wed, 4 Jul 2001 10:53:09 +0400
From:      "Andrey Simonenko" <simon@comsys.ntu-kpi.kiev.ua>
To:        "Peter Salvage" <wizard@sybaweb.co.za>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: IPFW Rules
Message-ID:  <002c01c10455$fd4d08e0$6d36120a@comsys.ntukpi.kiev.ua>
References:  <050801c102d9$64d62880$0200a8c0@ait.co.za> <006001c102e2$972da520$6d36120a@comsys.ntukpi.kiev.ua> <001301c102fb$bb49b020$0200a8c0@ait.co.za>


----- Original Message -----
From: Peter Salvage <wizard@sybaweb.co.za>
To: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
Cc: <freebsd-questions@freebsd.org>
Sent: Monday, July 02, 2001 5:32 PM
Subject: Re: IPFW Rules


> > Try /etc/rc.firewall, this file has comments.
> > Probably it would be better to tell us what exactly you want to protect
> > with IP Firewall.
>
> Hi Andrey
>
> Thanks for the info! I'm already reading the resources that Ling Ling was kind
> enough to provide to me, but briefly...
>
> I'm wanting to:
> allow port 80 on my www box
> allow ports 25, 110, 113 on my mailserver
> allow tcp/udp ports 53 on my nameservers
> allow ssh traffic (port 22?)
> allow nntp (port 123)
> allow webmail on one host (port 8181)
> allow RADIUS queries on our RADIUS box
>

Everything you said can be easily implemented with any type of
firewall (IP Firewall or IP Filter). But are you sure that you have to
deny all other connections? Maybe it is better to close IP/ports for
some services on your server: for example, you can remove unneeded
services in /etc/inetd.conf, add the "-ss" flag to syslogd, tell
Squid/Apache/something to listen on the LAN NIC or on the WAN NIC.

> Deny spoofing of my address range(s)
> ...and er...I guess deny everything else :)

Some information about this can be found in the ipfw(8) and ipf(5)
manual pages; you can also dig through news archives with www.deja.com.
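
An added example, not part of the original message: a shell script that prints an ipfw ruleset for part of the list quoted above (web, mail, DNS, ssh, webmail, anti-spoofing, default deny) so it can be reviewed before loading. The addresses (RFC 5737 placeholders), the interface name fxp0 and the gateway placement are assumptions; the nntp and RADIUS items are left out.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it does not load them.
# Assumed: this host is a gateway in front of the servers, fxp0 is its
# outside interface, and all addresses are constructed placeholders.
OIF="fxp0"
MYNET="192.0.2.0/24"
WWW="192.0.2.10"
MAIL="192.0.2.20"
WEBMAIL="192.0.2.30"
NAMESERVERS="192.0.2.53 192.0.2.54"

rule() {    # emit one rule; rule numbers go up in steps of 100
    n=$((n + 100))
    echo "ipfw add $n $*"
}

gen_rules() {
    n=0
    rule allow ip from any to any via lo0
    # Anti-spoofing: our own range is never a valid source on the outside wire.
    rule deny ip from "$MYNET" to any in via "$OIF"
    # Match packets against dynamic rules created by keep-state below.
    rule check-state
    # Later packets of TCP connections admitted by a "setup" rule.
    rule allow tcp from any to any established
    # Inbound services, one host (or range) and port list per line.
    rule allow tcp from any to "$WWW" 80 setup
    rule allow tcp from any to "$MAIL" 25,110,113 setup
    rule allow tcp from any to "$WEBMAIL" 8181 setup
    rule allow tcp from any to "$MYNET" 22 setup
    for ns in $NAMESERVERS; do
        rule allow tcp from any to "$ns" 53 setup
        rule allow udp from any to "$ns" 53 keep-state
    done
    # Outbound: TCP connections and DNS lookups started by our own hosts.
    rule allow tcp from "$MYNET" to any setup
    rule allow udp from "$MYNET" to any 53 keep-state
    # Explicit default deny, independent of the kernel's built-in last rule.
    rule deny ip from any to any
}

gen_rules
```

The anti-spoofing rule comes before every allow rule because ipfw stops at the first match; placed later, a forged packet could already have been accepted by a service rule.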

