Date:      Mon, 7 Jan 2013 18:09:11 +0200
From:      Sami Halabi <sodynet1@gmail.com>
To:        freebsd-ipfw <freebsd-ipfw@freebsd.org>
Subject:   rules for core router
Message-ID:  <CAEW+ogZZDJsqiayFUnjdY=CP_2TFGq0QFEux=+GkEb5bVLTjWQ@mail.gmail.com>

Hi,
I have a core router that I want to enable a firewall on.
Are these enough for a start:

ipfw add 100 allow all from any to any via lo0
ipfw add 25000 allow all from me to any
ipfw add 25100 allow ip from "table(7)" to me dst-port 179
#ipfw add 25150 allow ip from "table(7)" to me
ipfw add 25200 allow ip from "table(8)" to me dst-port 161
#ipfw add 25250 allow ip from "table(8)" to me
ipfw add 25300 allow all from any to me dst-port 22
ipfw add 25400 allow icmp from any to any
ipfw add 25500 deny all from any to me
# ipfw rule numbers run 1..65535 (65535 is the built-in default rule), so 230000 is rejected
ipfw add 63000 allow all from any to any

Table 7 holds my BGP peers, table 8 my NMS.

Do I need to open anything more? Any routing protocol/forwarding plane
issues?


Another thing:
I plan to add the following rule:
ipfw add 26000 fwd w.x.y.z all from a.b.c.0/24 to any

Will this work? Does my peer (ISP, with Cisco/Juniper equipment) need to
do anything else?
Thanks in advance,

-- 
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert
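An added example for the two questions above (it is not part of the original post and not the FreeBSD project's own code): a small sh script that keeps the poster's ruleset structure (loopback, router-originated traffic, BGP peers in table 7, NMS in table 8, SSH, ICMP, deny-the-rest-to-the-router, transit), tightens the protocol matches to what each service actually uses, refuses rule numbers outside ipfw's 1..65534 range, and shows where a fwd rule for one prefix sits relative to the transit rule. Table 9 (hosts allowed to ssh in), the IPFW_APPLY switch and the 192.0.2.1 / 198.51.100.0/24 addresses in the fwd rule are assumptions made for this example, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a core-router ipfw ruleset
# generator with a dry-run mode and a rule-number check.

# Validate a rule number: ipfw rejects anything above 65535, and 65535
# itself is the built-in default rule, so user rules must stay below it.
valid_rule_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -lt 65535 ]
}

# Emit one rule. With IPFW_APPLY=1 it is loaded with ipfw(8); otherwise it
# is printed so the whole set can be reviewed before touching the router.
rule() {
    if ! valid_rule_number "$1"; then
        echo "invalid rule number: $1" >&2
        return 1
    fi
    if [ "${IPFW_APPLY:-0}" = "1" ]; then
        ipfw -q add "$@"
    else
        printf 'ipfw add %s\n' "$*"
    fi
}

core_router_rules() {
    rule 100   allow all from any to any via lo0
    # Traffic the router itself originates (BGP sessions it opens, replies)
    rule 25000 allow all from me to any
    # BGP is TCP/179 only, so match tcp rather than ip; table(7) = BGP peers
    rule 25100 allow tcp from "table(7)" to me dst-port 179
    # SNMP polling from the NMS is UDP/161; table(8) = NMS hosts
    rule 25200 allow udp from "table(8)" to me dst-port 161
    # SSH only from management hosts (assumed table 9), not from anywhere
    rule 25300 allow tcp from "table(9)" to me dst-port 22
    rule 25400 allow icmp from any to any
    # Log what is dropped at the control plane so probes become visible
    rule 25500 deny log all from any to me
    # Transit traffic through the router: explicit allow, number below 65535
    rule 63000 allow all from any to any
}

# Policy routing for one customer prefix (constructed documentation-range
# addresses). fwd only changes the next hop this router hands the packet
# to; the packet itself is not rewritten. It must be numbered below the
# transit allow rule (63000 above) or it never matches.
policy_route_rules() {
    rule 26000 fwd 192.0.2.1 all from 198.51.100.0/24 to any
}

# Usage: sh rules.sh            -> print the ruleset
#        IPFW_APPLY=1 sh rules.sh -> load it with ipfw(8)
core_router_rules
policy_route_rules
```

Run it once without IPFW_APPLY to read the generated set; the deny rule only writes to the log when net.inet.ip.fw.verbose is set to 1.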