Date:      Fri, 04 Oct 2002 08:58:50 +0200
From:      Nelis Lamprecht <nelis@brabys.co.za>
To:        freebsd-questions@freebsd.org
Subject:   ipfw ruleset
Message-ID:  <5.1.0.14.2.20021004085609.012ed3c8@192.96.48.11>

Hi People,

I'm trying to set up my firewall using ipfw on 4.6 Stable. I have read
through the man pages and also several howtos, but now I need your advice.
I would like to set up a DNS server that will respond to queries, and my
current ruleset does not seem to permit this. Please tell me what I am
doing wrong.

My ruleset (IPs omitted):

add 00301 check-state
add 00302 allow tcp from any to any established
add 00303 allow tcp from any to any out setup keep-state
add 00304 allow tcp from any to $lan 22,25,80,443 setup
add 00400 allow udp from any to any out
add 00401 allow udp from $lan to any 53
add 00402 allow udp from any 53 to $lan in recv rl0
#allow some icmp types (codes not supported)
##allow path-mtu in both directions
add 00600 allow icmp from any to any icmptypes 3
##allow source quench in and out
add 00601 allow icmp from any to any icmptypes 4
##allow me to ping out and receive response back
add 00602 allow icmp from any to any icmptypes 8 out
add 00603 allow icmp from any to any icmptypes 0 in
##allow me to run traceroute
add 00604 allow icmp from any to any icmptypes 11 in
#allow ident requests
add 00700 allow tcp from any to any 113 keep-state setup
#deny syn and fin bits used for OS finger printing using nmap
add 00701 deny log tcp from any to any in tcpflags syn,fin
#log anything that falls through
add 09000 deny log ip from any to any

Kind Regards,
Nelis 
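Added example, not part of the original post and not ipfw's own code: a simplified first-match evaluator modelled on ipfw's semantics, run over the ruleset above with constructed addresses standing in for $lan and an external resolver. It shows why an inbound query to $lan port 53 falls through to rule 09000, and which inbound rules (an assumption of the example, not stated in the post) would let a DNS server answer; replies leaving $lan are already covered by rule 00400.

```python
# Added example (not from the post): ipfw-style first-match evaluation over
# the posted rules. Simplified: no dynamic state, no interface matching, no
# ICMP. Addresses below are constructed documentation addresses.
LAN = "192.0.2.10"        # stands in for the poster's $lan
CLIENT = "198.51.100.7"   # constructed external resolver sending queries

# (number, action, proto, src, src ports, dst, dst ports, direction, tcp option)
RULES = [
    (302, "allow", "tcp", "any", None, "any", None, None, "established"),
    (303, "allow", "tcp", "any", None, "any", None, "out", "setup"),
    (304, "allow", "tcp", "any", None, LAN, {22, 25, 80, 443}, None, "setup"),
    (400, "allow", "udp", "any", None, "any", None, "out", None),
    (401, "allow", "udp", LAN, None, "any", {53}, None, None),
    (402, "allow", "udp", "any", {53}, LAN, None, "in", None),
    (9000, "deny", "ip", "any", None, "any", None, None, None),
]

# Assumed additions for an authoritative server on $lan: inbound queries to
# port 53 over UDP, and TCP connection setup for large answers / zone transfers.
DNS_RULES = [
    (305, "allow", "tcp", "any", None, LAN, {53}, None, "setup"),
    (403, "allow", "udp", "any", None, LAN, {53}, "in", None),
]

def matches(rule, pkt):
    _, _, proto, src, sports, dst, dports, direction, opt = rule
    flags = pkt.get("flags", set())
    return ((proto == "ip" or proto == pkt["proto"])
            and src in ("any", pkt["src"]) and dst in ("any", pkt["dst"])
            and (not sports or pkt["sport"] in sports)
            and (not dports or pkt["dport"] in dports)
            and (not direction or direction == pkt["dir"])
            and (opt != "setup" or ("S" in flags and "A" not in flags))  # SYN only
            and (opt != "established" or bool(flags & {"A", "R"})))      # ACK or RST

def evaluate(rules, pkt):
    """First matching rule wins, as in ipfw; returns (rule number, action)."""
    for rule in sorted(rules, key=lambda r: r[0]):
        if matches(rule, pkt):
            return rule[0], rule[1]
    return 65535, "deny"        # kernel default rule

# Constructed packets: an inbound UDP query, an inbound TCP SYN to port 53,
# and the server's outbound UDP reply.
QUERY_UDP = {"proto": "udp", "src": CLIENT, "sport": 40000, "dst": LAN, "dport": 53, "dir": "in"}
QUERY_TCP = {"proto": "tcp", "src": CLIENT, "sport": 40001, "dst": LAN, "dport": 53, "dir": "in", "flags": {"S"}}
REPLY_UDP = {"proto": "udp", "src": LAN, "sport": 53, "dst": CLIENT, "dport": 40000, "dir": "out"}
```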
