Date:      Sun, 22 Dec 2002 15:20:05 -0800
From:      Gary D Kline <kline@thought.org>
To:        "Sean J. Countryman" <sean@rackoperations.com>
Cc:        Gary D Kline <kline@thought.org>, FreeBSD Mailing List <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Any IPFW clues???
Message-ID:  <20021222232005.GA78387@tao.thought.org>
In-Reply-To: <EOELLBCOGJPNEBBJEKDKOEIJEOAA.sean@rackoperations.com>
References:  <20021222230535.GA78303@tao.thought.org> <EOELLBCOGJPNEBBJEKDKOEIJEOAA.sean@rackoperations.com>

On Sun, Dec 22, 2002 at 04:14:31PM -0700, Sean J. Countryman wrote:
> Perhaps you could post your rules?
> 
> - Sean

	Sure:

 ipfw -f 10 flush
 ipfw add 100 check-state
 ipfw add 150 allow tcp from any to any in via dc0 keep-state
 ipfw add 200 allow udp from any to any in via dc0 keep-state
 ipfw add 300 allow icmp from any to any in recv dc0 keep-state
 ipfw add 500 reset tcp from any to any in via dc0

# Allow in SSH on port 22 [[ this block should be okay ]]
 ipfw add 1000 allow tcp from any to 10.0.0.249 22 in via dc1 keep-state
 ipfw add 1050 allow tcp from 10.0.0.249 to any 22 out via dc1 keep-state
 ipfw add 1100 allow tcp from any to 10.0.0.247 22 in via dc1 keep-state
 ipfw add 1150 allow tcp from 10.0.0.247 to any 22 in via dc1 keep-state
 ipfw add 1200 allow tcp from any to 216.231.43.140 22 in via dc0 keep-state
 ipfw add 1250 allow tcp from 216.231.43.140 to any 22 in via dc0 keep-state

# Allow FTP data connections
 ipfw add 1300 allow tcp from any to 216.231.43.140 21 7499-8501 in via dc0

# Allow in DNS on port 53
 ipfw add 1400 allow tcp from any to 216.231.43.140 53 in via dc0
 ipfw add 1500 allow udp from any to 216.231.43.140 53 in via dc0

# Allow in private printer and printer on ports 35 AND 515
 ipfw add 1600 allow tcp from any to 216.231.43.140 35,515 in via dc0
 ipfw add 1700 allow udp from any to 216.231.43.140 35,515 in via dc0

# Allow in HTTP on port 80
 ipfw add 1800 allow tcp from any to 216.231.43.140 80 in via dc0
 ipfw add 1900 allow udp from any to 216.231.43.140 80 in via dc0

# Allow in SMTP on port 25
 ipfw add 2200 allow tcp from any to 216.231.43.140 25 in via dc0
 ipfw add 2300 allow udp from any to 216.231.43.140 25 in via dc0

# Allow in named/BIND on port 42
 ipfw add 2400 allow tcp from any to 216.231.43.140 42 in via dc0
 ipfw add 2500 allow udp from any to 216.231.43.140 42 in via dc0

# deny unreachable pings; (type = 3).
 ipfw add 2600 deny icmp from any to any in icmptypes 3

# Inside Interface
 ipfw add 2900 allow udp from any to any out xmit dc0 keep-state
 ipfw add 3200 allow tcp from any to any via dc0 keep-state
 ipfw add 3300 allow udp from any to any in recv dc0 keep-state
 ipfw add 3400 allow icmp from any to any via dc0 keep-state
 ipfw add 3500 deny ip from any to any recv dc0

# Loopback Interface
 ipfw add 3600 allow ip from 127.0.0.1 to 127.0.0.1 in recv lo0
 ipfw add 3700 allow ip from 127.0.0.1 to 127.0.0.1 out xmit lo0
 ipfw add 3800 allow from any to any



	Anything here glaringly wrong?

	gary



-- 
   Gary Kline     kline@thought.org   www.thought.org     Public service Unix
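A rule set like the one posted above is the kind of thing a reviewer checks mechanically before reading it line by line: is the terminal rule a catch-all allow, which rules lack a protocol keyword, and has UDP been opened on ports whose service only listens on TCP. The following is an added example (editor's code, not Gary's and not part of FreeBSD or ipfw) that does those three checks over a trimmed copy of the rules from the message. The rule grammar in `RULE_RE`, the `TCP_ONLY_SERVICES` table and the `SAMPLE_RULES` text are assumptions made for illustration; the parser only understands the `add N action [proto] from src [port] to dst [port] ...` shape used in the post, not the full ipfw(8) syntax.

```python
"""Small lint pass over an ipfw rule list (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed grammar: enough for the rule shapes in the post, not a full
# ipfw(8) parser (no 'or' blocks, sets, tables or check-state lines).
RULE_RE = re.compile(
    r"^\s*ipfw\s+add\s+(?P<num>\d+)\s+(?P<action>\w+)\s+"
    r"(?:(?P<proto>\w+)\s+)?from\s+(?P<src>\S+)(?:\s+(?P<sport>[\d,\-]+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>[\d,\-]+))?(?P<rest>.*)$"
)

# Assumption for illustration: ports whose usual service listens on TCP
# only, so an 'allow udp' rule for them admits traffic no daemon answers.
TCP_ONLY_SERVICES = {22: "ssh", 25: "smtp", 80: "http"}

# Constructed sample: a trimmed copy of the rules posted in the message.
SAMPLE_RULES = """
 ipfw add 150 allow tcp from any to any in via dc0 keep-state
 ipfw add 200 allow udp from any to any in via dc0 keep-state
 ipfw add 300 allow icmp from any to any in recv dc0 keep-state
 ipfw add 1000 allow tcp from any to 10.0.0.249 22 in via dc1 keep-state
 ipfw add 1200 allow tcp from any to 216.231.43.140 22 in via dc0 keep-state
 ipfw add 1800 allow tcp from any to 216.231.43.140 80 in via dc0
 ipfw add 1900 allow udp from any to 216.231.43.140 80 in via dc0
 ipfw add 2200 allow tcp from any to 216.231.43.140 25 in via dc0
 ipfw add 2300 allow udp from any to 216.231.43.140 25 in via dc0
 ipfw add 2600 deny icmp from any to any in icmptypes 3
 ipfw add 3500 deny ip from any to any recv dc0
 ipfw add 3600 allow ip from 127.0.0.1 to 127.0.0.1 in recv lo0
 ipfw add 3800 allow from any to any
"""


@dataclass
class Rule:
    num: int
    action: str
    proto: Optional[str]
    src: str
    sport: Optional[str]
    dst: str
    dport: Optional[str]
    options: str


def parse_rules(text: str) -> List[Rule]:
    """Return the rules in 'text' in order; comments and non-matching lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append(Rule(int(m["num"]), m["action"], m["proto"], m["src"],
                              m["sport"], m["dst"], m["dport"], m["rest"].strip()))
    return rules


def expand_ports(spec: Optional[str]) -> List[int]:
    """Expand a port spec such as '35,515' or '7499-8501' into port numbers."""
    if not spec:
        return []
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def lint(text: str) -> List[str]:
    """Return human-readable findings for the three checks described above."""
    findings = []
    rules = parse_rules(text)
    for r in rules:
        if r.proto is None:
            findings.append(f"rule {r.num}: no protocol keyword (treated as ip here)")
        if r.action == "allow" and r.proto == "udp":
            for p in expand_ports(r.dport):
                if p in TCP_ONLY_SERVICES:
                    findings.append(f"rule {r.num}: udp opened on {p}/"
                                    f"{TCP_ONLY_SERVICES[p]}, a TCP-only service")
    if rules:
        last = rules[-1]
        if last.action == "allow" and last.src == "any" and last.dst == "any" \
                and not last.options:
            findings.append(f"rule {last.num}: final rule allows any-to-any, so the "
                            f"set is default-allow; unmatched traffic is permitted")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
```

Run against the sample it reports the two UDP rules for HTTP and SMTP, the missing protocol on rule 3800, and the default-allow policy that rule 3800 creates; a set that ends in `deny ip from any to any` instead produces no findings from the last check.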

