Date:      Sun, 13 Jan 2002 21:06:42 +0100
From:      "Leo De Geer" <leo@ktv.se>
To:        "'Steve Brown'" <freebsd@prayforwind.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   SV: Dru's Onlamp article on IPFW rulesets
Message-ID:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAASrpIvj67bUafx/CGzD1RPMKAAAAQAAAAK6jpjTVbj0KoVz3gSXDs/QEAAAAA@ktv.se>
In-Reply-To: <3C41E6FF.7020108@prayforwind.com>

I'm using the rules from that article. But I did some editing in
rc.conf.

My rc.conf is

firewall_type="/etc/ipfw.rules"
firewall_enable="YES"
firewall_quiet="NO"

and it starts as it should

regards leo

Kristianstad Teknikverkstad
www.ktv.se
www.teknikshoppen.nu

-----Original message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG] On behalf of Steve Brown
Sent: 13 January 2002 20:59
To: freebsd-questions@FreeBSD.ORG
Subject: Dru's Onlamp article on IPFW rulesets

Hi Dru, or anyone who can help me out please?

I'm still completely blocked from the internet after applying the
ruleset in the following article:
http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html
I got through the previous article
http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html
just fine.

In order to get back on the internet at all I keep having to comment out my
kernel & rc.conf firewall options and re-compile my kernel; it's
getting frustrating. Can anyone tell me what I'm doing wrong?

Here are my kernel options, rc.conf options and ipfw.rules. I'm using
FreeBSD 4.4-RELEASE and I've not modified /etc/rc.firewall. I'm using
DHCP from a BB router which is connected to DSL.

################# Kernel options#######################
options               IPFIREWALL
options               IPFIREWALL_VERBOSE
options               IPFIREWALL_VERBOSE_LIMIT=10
options               IPSTEALTH # Hide from traceroute
# To hide from nmap, don't use if running web server (I am doing so)
# options             TCP_DROP_SYNFIN
# # To hide from portscans. causes "config MYKERNEL"
# # to display "unknown option" error on my system
# # options             TCP_RESTRICT_RST

################# rc.conf additions ###################

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"     #change to YES once happy with rules
firewall_logging_enable="YES"
log_in_vain="YES"
tcp_drop_synfin="NO"   #change to YES if no webserver
# tcp_restrict_rst="YES"
icmp_drop_redirect="YES"

#################### ipfw.rules ######################
# allow tcp/ip outgoing, and appropriate answerback's
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state

# allow DNS
add 0400 allow udp from 209.226.175.223 53 to any in recv vr0
add 0401 allow udp from 198.235.216.134 53 to any in recv vr0
add 0402 allow udp from 207.236.176.9 53 to any in recv vr0
add 0403 allow udp from 198.235.216.111 53 to any in recv vr0
add 0404 allow udp from 207.236.176.10 53 to any in recv vr0
add 0405 allow udp from 198.235.216.112 53 to any in recv vr0
add 0406 allow udp from 209.197.128.2 53 to any in recv vr0
add 0407 allow udp from 209.197.128.5 53 to any in recv vr0

add 00409 allow udp from any to any out


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message


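Editor's added example, not code from either message and not ipfw itself: a small Python model of the ipfw.rules quoted above, run against a sequence of constructed packets, to show which ones the file's rules accept and which fall through to the implicit last rule 65535 (deny on a kernel built with IPFIREWALL but without IPFIREWALL_DEFAULT_TO_ACCEPT). The model contains only the rules in the file; anything /etc/rc.firewall adds before loading the file is not included, and `ipfw show` on the box is what tells you what is really loaded. The addresses 192.168.1.10 (the FreeBSD box), 192.168.1.1 (the DHCP router, also acting as resolver) and 203.0.113.7 (an outside client) are assumptions made for the scenarios, as are the ports.

```python
"""Toy first-match evaluator for the ipfw ruleset quoted above (added example, not ipfw itself).
It models first-match evaluation, check-state/keep-state dynamic rules and the implicit last rule
65535, which is 'deny' on a kernel built with IPFIREWALL but not IPFIREWALL_DEFAULT_TO_ACCEPT.
Hosts 192.168.1.10 (FreeBSD box), 192.168.1.1 (router) and 203.0.113.7 are constructed."""
from typing import FrozenSet, NamedTuple

RULESET = """
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state
add 0400 allow udp from 209.226.175.223 53 to any in recv vr0
add 0401 allow udp from 198.235.216.134 53 to any in recv vr0
add 00409 allow udp from any to any out
"""   # rules 0402-0407 of the message have the same form as 0400/0401, one per resolver address
DEFAULT_RULE = (65535, "deny")   # appended by the kernel; everything unmatched ends here

class Packet(NamedTuple):
    proto: str                           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str                       # "in" or "out"
    iface: str                           # interface the packet arrives on or leaves by
    flags: FrozenSet[str] = frozenset()  # TCP flags present, e.g. {"SYN", "ACK"}

def parse_rule(line):
    """Parse 'add N action proto from SRC [PORT] to DST [PORT] [options]' (the subset used above)."""
    tok = line.split()
    rule = {"number": int(tok[1]), "action": tok[2], "proto": "ip",
            "src": "any", "sport": None, "dst": "any", "dport": None, "opts": {}}
    if tok[2] == "check-state":
        return rule
    rule["proto"] = tok[3]
    i = 5                                # tok[4] is "from"
    for side in ("src", "dst"):
        rule[side] = tok[i]; i += 1
        if i < len(tok) and tok[i].isdigit():
            rule[side[0] + "port"] = int(tok[i]); i += 1
        if side == "src":
            i += 1                       # skip "to"
    while i < len(tok):                  # in, out, setup, established, keep-state, recv IF, via IF
        if tok[i] in ("recv", "via"):
            rule["opts"][tok[i]] = tok[i + 1]; i += 2
        else:
            rule["opts"][tok[i]] = True; i += 1
    return rule

def matches(r, p):
    """Static match of packet p against rule r, following ipfw(8) option semantics."""
    o = r["opts"]
    return all([
        r["proto"] in ("ip", "all", p.proto),
        r["src"] in ("any", p.src) and r["sport"] in (None, p.sport),
        r["dst"] in ("any", p.dst) and r["dport"] in (None, p.dport),
        not ("in" in o or "out" in o) or p.direction in o,
        "setup" not in o or ("SYN" in p.flags and "ACK" not in p.flags),   # SYN without ACK
        "established" not in o or bool(p.flags & {"ACK", "RST"}),           # ACK or RST set
        "recv" not in o or (p.direction == "in" and p.iface == o["recv"]),  # receive interface
        "via" not in o or p.iface == o["via"],
    ])

class Firewall:
    def __init__(self, ruleset):
        self.rules = sorted((parse_rule(l) for l in ruleset.splitlines() if l.strip()),
                            key=lambda r: r["number"])
        self.state = {}                  # dynamic rules: 5-tuple -> parent rule number

    def evaluate(self, p):
        """Return (rule_number, action) of the first rule that matches p."""
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        for r in self.rules:
            if r["action"] == "check-state":
                parent = self.state.get(fwd) or self.state.get(rev)
                if parent:               # counted against the keep-state rule that created it
                    return parent, "allow"
                continue
            if matches(r, p):
                if "keep-state" in r["opts"]:
                    self.state[fwd] = r["number"]
                return r["number"], r["action"]
        return DEFAULT_RULE

def run_scenarios():
    """Push a realistic packet sequence through the ruleset; returns {name: (rule, action)}."""
    fw = Firewall(RULESET)
    box, router, web = "192.168.1.10", "192.168.1.1", "198.235.216.134"
    syn, synack = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
    packets = [
        ("http_syn_out",         Packet("tcp", box, 3456, web, 80, "out", "vr0", syn)),
        ("http_synack_in",       Packet("tcp", web, 80, box, 3456, "in", "vr0", synack)),
        ("dns_reply_listed_in",  Packet("udp", "209.226.175.223", 53, box, 1025, "in", "vr0")),
        ("dns_query_router_out", Packet("udp", box, 1026, router, 53, "out", "vr0")),
        ("dns_reply_router_in",  Packet("udp", router, 53, box, 1026, "in", "vr0")),  # resolver handed out by DHCP
        ("dhcp_offer_in",        Packet("udp", router, 67, "255.255.255.255", 68, "in", "vr0")),
        ("webserver_syn_in",     Packet("tcp", "203.0.113.7", 40000, box, 80, "in", "vr0", syn)),
        ("lo0_udp_reply_in",     Packet("udp", "127.0.0.1", 53, "127.0.0.1", 1027, "in", "lo0")),
    ]
    return {name: fw.evaluate(p) for name, p in packets}
```

Running run_scenarios() shows the split: the outbound web connection and its reply pass on 302 (the check-state hit is credited to the keep-state rule that created the dynamic entry), a reply from one of the listed resolvers passes on 0400, but a DNS reply from any resolver the router hands out over DHCP, the DHCP offer/ack itself, an inbound connection to the web server on port 80, and (if nothing loaded before the file passes lo0) a UDP reply on loopback all end at 65535/deny, because rule 409 has no keep-state and nothing else matches inbound UDP. On the real box the same check is `ipfw show`: rising packet counters on rule 65535 while the machine is "blocked" confirm the default deny is doing the blocking; with IPFIREWALL_VERBOSE compiled in as above, a temporary `ipfw add 65000 deny log ip from any to any` writes each dropped packet to syslog (capped at 10 per rule by IPFIREWALL_VERBOSE_LIMIT=10), which names the exact flow the ruleset is missing.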