Date: Thu, 20 Mar 2003 11:45:44 -0800 (PST) From: "W. J. Williams" <willardjwilliams@yahoo.com> To: freebsd-questions@freebsd.org Subject: IPFW firewall rules not complete Message-ID: <20030320194544.26310.qmail@web13505.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
sorry about last message...!! I am experimenting with IPFW firewalls and have hit a roadblock. I am trying to allow ssh, mail, dns requests, pings and traceroutes out, but not in and webmin (port 10000). I am hitting a roadblock on mail and pings out. Hope someone can help me...I am new to this and donīt understand firewall rules syntax fully. I have funded my own lab to experiment with this fun and powerful stuff... some more notes. Firewall:two intefaces fxp0: 192.168.0.2/29 connected to router connected to DSL demarc (eventually I will get rid of this router and replace with BSD firewall, but for now, I need for it to stay...partly because I can only experiment with one thing at a time and because I have wireless laptops that connect to this router.:-) fxp1: 192.168.1.1/255.255.255.0: is gateway for 10 other hosts all in the 192.168.1 network. Rules I am using: > add 21 deny log all from any to any in frag via fxp0 > add 1000 allow tcp from any to any established > add 2000 allow tcp from any to 192.168.0.0/29 22,25,10000 setup > add 3000 allow udp from 192.168.0.0/29 to any 53 > add 4000 allow udp from any 53 to 192.168.0.0/29 > add 5000 pass all from any to any via lo0 > add 6000 pass all from any to 127.0.0.0/8 Would appreciate comments on what this simple rules file should look like. thx! ===== Will Williams To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030320194544.26310.qmail>