Date:      Tue, 8 Jan 2013 16:44:55 +0200
From:      Sami Halabi <sodynet1@gmail.com>
To:        freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net@freebsd.org
Subject:   firewall rules for core router
Message-ID:  <CAEW+ogaCS9XuLOM9ZonnMkR-JyJckicY=xKX1y8drFKHn3UTbA@mail.gmail.com>

Anyone?
On 7 Jan 2013 18:09, "Sami Halabi" <sodynet1@gmail.com> wrote:

> Hi,
> I have a core router that I want to enable a firewall on.
> Are these enough for a start:
>
> ipfw add 100 allow all from any to any via lo0
> ipfw add 25000 allow all from me to any
> ipfw add 25100 allow ip from "table(7)" to me dst-port 179
> #ipfw add 25150 allow ip from "table(7)" to me
> ipfw add 25200 allow ip from "table(8)" to me dst-port 161
> #ipfw add 25250 allow ip from "table(8)" to me
> ipfw add 25300 allow all from any to me dst-port 22
> ipfw add 25400 allow icmp from any to any
> ipfw add 25500 deny all from any to me
> ipfw add 230000 allow all from any to any
>
> while table-7 are my BGP peers, table-8 my NMS.
>
> Do I need to open anything more? Any routing protocol/forwarding plan
> issues?
>
>
> Another thing:
> I plan to add the following rule
> ipfw add 26000 fwd w.x.y.z all from a.b.c.0/24 to any
>
> Will this work? Does my peer (ISP, with Cisco/Juniper equipment) need to
> do anything else?
> Thanks in advance,
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>
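As an added illustration (not from the thread, nor FreeBSD's own code), here is a small Python first-match model of the quoted ruleset, useful for checking what each kind of packet hits before loading it on a live router; the router address, table contents and sample packets are constructed, and the last sample shows that replies to queries the router itself sends are dropped by the stateless deny at 25500.

```python
import ipaddress
ME = ipaddress.ip_address("192.0.2.1")       # constructed address standing in for "me"
TABLES = {7: ["198.51.100.0/24"],            # constructed BGP peer prefix (table 7)
          8: ["203.0.113.10/32"]}            # constructed NMS host (table 8)

def in_table(n, addr):
    """True if addr falls inside any prefix of table n."""
    return any(addr in ipaddress.ip_network(net) for net in TABLES[n])

def packet(src, dst, proto, dport=None, iface="em0"):
    """Describe one packet seen on iface (constructed input)."""
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "dport": dport, "iface": iface}

# (number, action, predicate) in the post's order; the two commented-out rules
# (25150, 25250) are omitted. ipfw rule numbers run 1..65535, so 230000 is
# outside the valid range; it is modelled here as the intended catch-all.
RULES = [
    (100,    "allow", lambda p: p["iface"] == "lo0"),
    (25000,  "allow", lambda p: p["src"] == ME),
    (25100,  "allow", lambda p: in_table(7, p["src"]) and p["dst"] == ME
                                and p["dport"] == 179),
    (25200,  "allow", lambda p: in_table(8, p["src"]) and p["dst"] == ME
                                and p["dport"] == 161),
    (25300,  "allow", lambda p: p["dst"] == ME and p["dport"] == 22),
    (25400,  "allow", lambda p: p["proto"] == "icmp"),
    (25500,  "deny",  lambda p: p["dst"] == ME),
    (230000, "allow", lambda p: True),
]

def evaluate(p):
    """Return (rule number, action) of the first matching rule, as ipfw does."""
    for num, action, match in RULES:
        if match(p):
            return num, action
    return 65535, "deny"   # ipfw's default rule when nothing else matched

def check_policy():
    """Run constructed sample packets through the ruleset -> {name: (rule, action)}."""
    me = str(ME)
    return {name: evaluate(p) for name, p in {
        "bgp_from_peer":       packet("198.51.100.7", me, "tcp", 179),
        "bgp_from_stranger":   packet("192.0.2.200", me, "tcp", 179),
        "snmp_from_nms":       packet("203.0.113.10", me, "udp", 161),
        "ssh_from_anywhere":   packet("192.0.2.200", me, "tcp", 22),
        "transit_https":       packet("10.0.0.5", "10.1.1.1", "tcp", 443),
        # reply to an NTP query the router sent: no keep-state, so 25500 drops it
        "ntp_reply_to_router": packet("203.0.113.99", me, "udp", 49152),
    }.items()}
```

Running `check_policy()` makes the stateless gap visible: a `keep-state` on rule 25000 plus a `check-state` before 25500 would be the usual fix, and rule 25300 leaves SSH open to every source.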