Date:      Tue, 9 Sep 2014 23:37:19 +0000 (UTC)
From:      John Case <case@SDF.ORG>
To:        freebsd-net@freebsd.org
Subject:   Can I make this simple ipfw ruleset any more restrictive ?
Message-ID:  <Pine.NEB.4.64.1409092333450.17244@faeroes.freeshell.org>


I have a very simple firewall - it *blocks everything*, and the only 
traffic that is allowed is for internal clients to make outbound 
connections to tcp port 40.

Also, internal clients can ping/traceroute.

But that's it - no other connections in or out are allowed.  I have this 
ruleset and it is working perfectly:

ipfw add 10 allow tcp from any to any established
ipfw add 20 allow icmp from any to any icmptypes 0,3,8,11
ipfw add 30 allow udp from any to any 33433-33499 in via fxp1
ipfw add 40 allow tcp from any to any 40 in via fxp1

(fxp1 is the internal interface, and so I allow the port 40 connections 
and the udp for traceroute only for requests that come in from the 
internal network)

Is there anything I have screwed up here ?  Any unintentional traffic that 
I am letting through ?

Is there any way to lock this down further, and make it even more strict ?

Thank you.
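
As an added editorial example, not part of the message above and not FreeBSD or ipfw code: a small Python model of ipfw first-match evaluation, run over constructed packets, to make visible what the posted rules admit and what a stateful variant would admit instead. It relies on semantics documented in ipfw(8): `established` matches any TCP packet with ACK or RST set and keeps no connection state, `setup` matches SYN without ACK, `keep-state` records a flow and `check-state` admits packets of a recorded flow in either direction. The LAN subnet 192.168.1.0/24, the outside interface name fxp0, the sample addresses and the stateful ruleset itself are assumptions for the example, and the model evaluates only the hook on the interface a packet arrives on (a forwarding router also runs the ruleset on the outbound interface, which it omits).

```python
"""Model of ipfw first-match evaluation over constructed packets.

Constructed example, not ipfw itself.  It evaluates the inbound hook only;
the outbound pass a forwarding router also makes is omitted."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = "192.168.1.0/24"   # assumed LAN behind fxp1
EXTERNAL_IF = "fxp0"          # assumed outside interface


@dataclass
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    iface: str                        # interface the packet arrived on
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()    # TCP flags, e.g. {"SYN"}, {"ACK"}
    icmptype: int = -1


@dataclass
class Rule:
    action: str                       # "allow", "deny" or "check-state"
    proto: str = "ip"
    src: str = "any"                  # "any" or a CIDR
    dports: tuple = ()                # (lo, hi) destination port range
    iface: str = ""                   # "in via <iface>"; "" means any
    established: bool = False         # ipfw(8): ACK or RST set, no state
    setup: bool = False               # ipfw(8): SYN set, ACK clear
    icmptypes: frozenset = frozenset()
    keep_state: bool = False


def matches(rule, pkt):
    """Stateless match of one rule against one packet."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dports and not rule.dports[0] <= pkt.dport <= rule.dports[1]:
        return False
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.established and not pkt.flags & {"ACK", "RST"}:
        return False
    if rule.setup and not ("SYN" in pkt.flags and "ACK" not in pkt.flags):
        return False
    if rule.icmptypes and pkt.icmptype not in rule.icmptypes:
        return False
    return True


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.dynamic = set()          # 5-tuples recorded by keep-state

    def verdict(self, pkt):
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        for rule in self.rules:
            if rule.action == "check-state":
                # Every keep-state rule here is an allow, so a hit allows.
                if fwd in self.dynamic or rev in self.dynamic:
                    return "allow"
                continue
            if matches(rule, pkt):
                if rule.keep_state:
                    self.dynamic.add(fwd)
                return rule.action
        return "deny"                 # rule 65535: deny ip from any to any


# The ruleset from the message, as posted, above the default deny.
POSTED = [
    Rule("allow", "tcp", established=True),
    Rule("allow", "icmp", icmptypes=frozenset({0, 3, 8, 11})),
    Rule("allow", "udp", dports=(33433, 33499), iface="fxp1"),
    Rule("allow", "tcp", dports=(40, 40), iface="fxp1"),
]

# Stateful variant (an assumption for this example, not from the message):
# replies are admitted only for flows the LAN opened, LAN source is pinned.
STATEFUL = [
    Rule("check-state"),
    Rule("allow", "tcp", src=INTERNAL, dports=(40, 40), iface="fxp1",
         setup=True, keep_state=True),
    Rule("allow", "udp", src=INTERNAL, dports=(33433, 33499), iface="fxp1",
         keep_state=True),
    Rule("allow", "icmp", src=INTERNAL, icmptypes=frozenset({8}), iface="fxp1"),
    Rule("allow", "icmp", icmptypes=frozenset({0, 3, 11}), iface=EXTERNAL_IF),
]


def scan(fw):
    """Verdicts for constructed packets; order matters for the stateful case."""
    lan, web, outsider = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    probes = {
        "lan_syn_to_40": Packet("tcp", lan, web, "fxp1", 40000, 40, frozenset({"SYN"})),
        "reply_from_web": Packet("tcp", web, lan, EXTERNAL_IF, 40, 40000, frozenset({"SYN", "ACK"})),
        "unsolicited_ack": Packet("tcp", outsider, lan, EXTERNAL_IF, 1234, 22, frozenset({"ACK"})),
        "outside_syn_22": Packet("tcp", outsider, lan, EXTERNAL_IF, 1234, 22, frozenset({"SYN"})),
        "outside_ping": Packet("icmp", outsider, lan, EXTERNAL_IF, icmptype=8),
        "lan_traceroute": Packet("udp", lan, web, "fxp1", 50000, 33434),
        "ttl_exceeded": Packet("icmp", web, lan, EXTERNAL_IF, icmptype=11),
    }
    return {name: fw.verdict(p) for name, p in probes.items()}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("stateful", STATEFUL)):
        print(label, scan(Firewall(rules)))
```

Running it, the posted ruleset returns allow for an unsolicited ACK-only segment from outside (rule 10 has no connection state to consult) and for echo requests from outside (type 8 is in the icmptypes list), while the `check-state`/`keep-state` variant returns deny for both and still passes the LAN's port-40 session, its traceroute probes and the ICMP replies those need.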
