Date: Sun, 13 Jan 2002 15:29:18 -0500 (EST)
From: Dru <genisis@istar.ca>
To: Steve Brown <freebsd@prayforwind.com>
Cc: <freebsd-questions@freebsd.org>
Subject: Re: Dru's Onlamp article on IPFW rulesets
Message-ID: <20020113152814.D92561-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
In-Reply-To: <3C41E6FF.7020108@prayforwind.com>
On Sun, 13 Jan 2002, Steve Brown wrote:

> Hi Dru, or anyone who can help me out please?
>
> I'm still completely blocked from the internet after applying the
> ruleset in the following article:
> http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html
> I got through the previous article
> http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html
> just fine.
>
> In order to get back on the internet at all I keep having to comment out my
> kernel & rc.conf firewall options and re-compile my kernel; it's
> getting frustrating. Can anyone tell me what I'm doing wrong?
>
> Here are my kernel options, rc.conf options, and ipfw.rules. I'm using
> FreeBSD 4.4-RELEASE and I've not modified /etc/rc.firewall. I'm using
> DHCP from a BB router which is connected to DSL.
>
> ################# Kernel options #######################
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPSTEALTH # Hide from traceroute
> # To hide from nmap, don't use if running web server (I am doing so)
> # options TCP_DROP_SYNFIN
> # # To hide from portscans. Causes "config MYKERNEL"
> # # to display "unknown option" error on my system
> # # options TCP_RESTRICT_RST
>
> ################# rc.conf additions ###################
>
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.rules"
> firewall_quiet="NO" # change to YES once happy with rules
> firewall_logging_enable="YES"
> log_in_vain="YES"
> tcp_drop_synfin="NO" # change to YES if no webserver
> # tcp_restrict_rst="YES"
> icmp_drop_redirect="YES"
>
> #################### ipfw.rules ######################
> # allow tcp/ip outgoing, and appropriate answerbacks
> add 00300 check-state
> add 00301 deny tcp from any to any in established
> add 00302 allow tcp from any to any out setup keep-state
>
> # allow DNS
> add 0400 allow udp from 209.226.175.223 53 to any in recv vr0
> add 0401 allow udp from 198.235.216.134 53 to any in recv vr0
> add 0402 allow udp from 207.236.176.9 53 to any in recv vr0
> add 0403 allow udp from 198.235.216.111 53 to any in recv vr0
> add 0404 allow udp from 207.236.176.10 53 to any in recv vr0
> add 0405 allow udp from 198.235.216.112 53 to any in recv vr0
> add 0406 allow udp from 209.197.128.2 53 to any in recv vr0
> add 0407 allow udp from 209.197.128.5 53 to any in recv vr0
>
> add 00409 allow udp from any to any out

Hi Steve,

What's the output of "ipfw show"?

Dru
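An added example, not part of Dru's or Steve's messages: "ipfw show" prints each rule with its packet and byte counters, and the fastest way to see why a host is "completely blocked" is to find which rules are actually matching and how much traffic is landing on the kernel's default rule 65535 (a deny when IPFIREWALL is built without IPFIREWALL_DEFAULT_TO_ACCEPT, as in the kernel above). The script below parses a constructed sample in the FreeBSD 4.x "ipfw show" column layout (rule number, packets, bytes, rule body); the sample counters are invented for illustration and are not output from Steve's machine.

```shell
#!/bin/sh
# Added example: summarise "ipfw show" counters to find which rules match
# and whether the default rule is dropping traffic. The sample below is
# constructed; run "ipfw show" on the host to get real counters.

SAMPLE_IPFW_SHOW='00100      12     1104 allow ip from any to any via lo0
00200       0        0 deny ip from any to 127.0.0.0/8
00300       0        0 check-state
00301       0        0 deny tcp from any to any in established
00302      37     2220 allow tcp from any to any out setup keep-state
00400       0        0 allow udp from 209.226.175.223 53 to any in recv vr0
00409      19     1368 allow udp from any to any out
65535     214    18432 deny ip from any to any'

# Rules that matched at least one packet, most-hit first.
hit_rules() {
    printf '%s\n' "$1" | awk '$2 > 0 { print }' | sort -k2,2nr
}

# Packet count on the default rule 65535. With a default-deny kernel,
# everything counted here was silently dropped by policy.
default_rule_drops() {
    printf '%s\n' "$1" | awk '$1 == "65535" { print $2; found = 1 }
                              END { if (!found) print 0 }'
}

# Rule numbers that never matched: a quick way to spot a wrong interface
# name or an address that no packet ever carries.
unused_rules() {
    printf '%s\n' "$1" | awk '$1 != "65535" && $2 == 0 { print $1 }'
}

main() {
    echo "== rules with hits (most first) =="
    hit_rules "$SAMPLE_IPFW_SHOW"
    echo "== packets dropped by default rule 65535 =="
    default_rule_drops "$SAMPLE_IPFW_SHOW"
    echo "== rules with zero hits =="
    unused_rules "$SAMPLE_IPFW_SHOW" | tr '\n' ' '
    echo
}

main
```

Reading the sample: the outbound TCP and UDP rules are matching, the inbound DNS rule never fires, and the default rule has the largest counter, which is the pattern to expect when replies come back from an address or interface the allow rules do not name. On a live host, "ipfw zero" followed by one failed connection attempt and another "ipfw show" isolates the rule that dropped it.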