Date: Sun, 9 May 2004 13:53:52 +0200
From: Mistery X <mumija@o2.pl>
To: freebsd-ipfw@freebsd.org
Subject: Help needed in correcting IFPW2 ruleset
Message-ID: <20040509115352.D1A90D0B76@rekin6.o2.pl>
Hi,

I'm a newbie to the IPFW BSD firewall, so I wanted to ask whether anybody can check my rules (below) to see if they are free of rubbish and fairly secure. The system is not protecting any network, just itself; it has to be able to send DHCP requests and DNS queries (I don't have bind on it), it also serves a www page, and it has to allow people to log in via ssh2 and use smtp, pop3 and irc. I think that's all. Please take a while and give me some (if any are needed) suggestions on the security and functionality of these rules. Thanks a lot for any help & comments!!

IPFW Rules:

#loopback on lo0
add 100 pass all from any to any via lo0
add 110 deny all from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
#anti spoof
add 200 deny all from 10.0.0.0/8 to any via fxp0
add 210 deny all from 172.16.0.0/12 to any via fxp0
add 220 deny all from 192.168.0.0/16 to any via fxp0
add 230 deny all from 169.254.0.0/16 to any via fxp0
add 240 deny all from 192.0.2.0/24 to any via fxp0
add 250 deny all from 224.0.0.0/4 to any via fxp0
add 260 deny all from 240.0.0.0/4 to any via fxp0
#ruleset
add 300 pass tcp from any to any established
add 310 pass all from any to any frag
add 320 pass all from any to me 25 setup
add 330 pass udp from me 53 to any via fxp0
add 340 pass tcp from any to me 80 setup
add 350 deny log tcp from any to any via fxp0 setup
add 360 pass tcp from any to any setup
#reject rest
add 65000 deny all from any to any via any

Best regards,
mumija.
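A way to check a ruleset like the one above before loading it is to parse it and walk it the way ipfw does, in rule-number order with the first match winning. The script below is an added example, not code from the post or from FreeBSD; it understands only the syntax subset the posted rules use (add N action [log] proto from SRC [port] to DST [port] [via IF] [established|setup|frag]), so it catches typos such as "anty" or "vi" and tells you which rule a given packet would hit. RULES is the posted list with the anti-spoof rules 210-260 left out and the last line's typos corrected; the host address 198.51.100.10 and the peer 203.0.113.5 are constructed.

```python
"""Parse and dry-run an ipfw ruleset in the subset of syntax used in the post above:
add N action [log] proto from SRC [port] to DST [port] [via IF] [established|setup|frag].
Added example, not code from the post or from FreeBSD; it models ipfw's first-match
evaluation offline. RULES is the posted list with the anti-spoof rules 210-260 omitted
and the two typos in the last line corrected; MY_ADDRS is a constructed host address."""
import ipaddress
import re

ACTIONS = {"pass", "allow", "accept", "deny", "drop", "reject"}
PROTOS = {"all", "ip", "tcp", "udp", "icmp"}
FLAGS = {"established", "setup", "frag"}
PORT_RE = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")
MY_ADDRS = {"198.51.100.10"}   # constructed: address of the firewalled host itself
RULES = """\
add 100 pass all from any to any via lo0
add 110 deny all from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
add 200 deny all from 10.0.0.0/8 to any via fxp0
add 300 pass tcp from any to any established
add 310 pass all from any to any frag
add 320 pass all from any to me 25 setup
add 330 pass udp from me 53 to any via fxp0
add 340 pass tcp from any to me 80 setup
add 350 deny log tcp from any to any via fxp0 setup
add 360 pass tcp from any to any setup
add 65000 deny all from any to any via any
"""

def parse_rule(line):
    """Turn one 'add ...' line into a dict; raise ValueError on a typo."""
    t = line.split()
    if len(t) < 8 or t[0] != "add" or not t[1].isdigit():
        raise ValueError("expected 'add <number> <action> <proto> from A to B'")
    r = {"num": int(t[1]), "via": None, "flags": set(), "src_port": None, "dst_port": None}
    i = 4 if t[3] == "log" else 3
    r["log"] = i == 4
    if t[2] not in ACTIONS or t[i] not in PROTOS:
        raise ValueError(f"unknown action or protocol in {t[2:i + 1]}")
    r["action"], r["proto"], i = t[2], t[i], i + 1
    for side, kw in (("src", "from"), ("dst", "to")):
        if i + 1 >= len(t) or t[i] != kw:
            raise ValueError(f"expected '{kw} <address>' at {t[i:]}")
        r[side], i = t[i + 1], i + 2
        if r[side] not in ("any", "me"):
            ipaddress.ip_network(r[side], strict=False)   # ValueError on a typo like 'anty'
        if i < len(t) and PORT_RE.match(t[i]):
            r[side + "_port"], i = t[i], i + 1
    while i < len(t):                       # trailing options
        if t[i] == "via" and i + 1 < len(t):
            r["via"], i = t[i + 1], i + 2
        elif t[i] in FLAGS:
            r["flags"].add(t[i])
            i += 1
        else:
            raise ValueError(f"unknown token {t[i]!r}")
    return r

def load(text):
    """Parse a whole ruleset ('#' starts a comment); return (rules, [(line, error)])."""
    rules, errors = [], []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        try:
            if line:
                rules.append(parse_rule(line))
        except ValueError as e:
            errors.append((line, str(e)))
    return rules, errors

def _port_ok(spec, port):
    """spec is like '25' or '1024-65535,8080'; a port spec never matches a portless proto."""
    if spec is None:
        return True
    return port is not None and any(int(lo) <= port <= int(hi or lo) for lo, _, hi
                                    in (p.partition("-") for p in spec.split(",")))

def _addr_ok(spec, ip):
    if spec in ("any", "me"):
        return spec == "any" or ip in MY_ADDRS
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, proto, src, dst, sport=None, dport=None, iface="fxp0",
                tcp_flags=frozenset(), frag=False):
    """Return the first rule (in number order) that matches the described packet."""
    for r in sorted(rules, key=lambda x: x["num"]):
        f, tcp = r["flags"], proto == "tcp"
        # setup = SYN without ACK; established = ACK or RST set; both are TCP-only
        if (r["proto"] in ("all", "ip", proto)
                and r["via"] in (None, "any", iface)
                and _addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)
                and _port_ok(r["src_port"], sport) and _port_ok(r["dst_port"], dport)
                and (frag or "frag" not in f)
                and ("setup" not in f or (tcp and "syn" in tcp_flags and "ack" not in tcp_flags))
                and ("established" not in f or (tcp and bool(tcp_flags & {"ack", "rst"})))):
            return r
    return None

if __name__ == "__main__":                  # dry run against a constructed peer
    rules, errors = load(RULES)
    me, peer = "198.51.100.10", "203.0.113.5"
    print("ssh SYN in   -> rule", first_match(rules, "tcp", peer, me, 40000, 22, "fxp0", {"syn"})["num"])
    print("dns reply in -> rule", first_match(rules, "udp", peer, me, 53, 5353)["num"])
```

Run as-is it reports that an incoming SSH SYN on fxp0 lands on rule 350 (the logging deny) and that a UDP DNS reply from a resolver to a high port falls through to rule 65000, because rule 330 only matches packets leaving the host from source port 53; both are things the poster's stated requirements (ssh2 logins, DNS queries) would want to see passed, so they are worth checking before the list is loaded.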