Date: Mon, 31 Oct 2005 05:52:05 -0600
From: Eric F Crist <ecrist@secure-computing.net>
To: Eric F Crist <ecrist@secure-computing.net>
Cc: andy@neu.net, freebsd-questions@freebsd.org, freebsd-mobile@freebsd.org
Subject: Re: laptop firewall rules
Message-ID: <A30BD21E-3977-4522-95A7-9F735240970D@secure-computing.net>
In-Reply-To: <F4A7C5AB-A8D1-4E46-A7E0-F1FD95E64ABC@secure-computing.net>
References: <Pine.LNX.4.56.0510301731420.20733@Mira.dandy.net> <F4A7C5AB-A8D1-4E46-A7E0-F1FD95E64ABC@secure-computing.net>
On Oct 30, 2005, at 6:23 PM, Eric F Crist wrote:

> On Oct 30, 2005, at 4:41 PM, andy@neu.net wrote:
>
>> Does anyone have a good example of a firewall ruleset for a wireless
>> interface in a laptop, or a pointer to documentation? I want to use
>> IPFilter on 6.0 rc1. I want to let all connections out and keep state,
>> but block all incoming from the outside.
>>
>> TIA
>
> That ruleset is easy:
>
> ipfw add check-state
> ipfw add allow tcp from me to any setup keep-state
> ipfw add allow tcp from any to any established
> ipfw add deny from any to me in
>
> This should do the trick.

I forgot a couple of rules here. I'm assuming you want DNS to function, so here's another rule to add, immediately above the last, deny, line:

ipfw add allow udp from me to any
ipfw add allow udp from any 53 to me 53

Also, that last line above should read:

ipfw add deny all from any to me in

-----
Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
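As an added example (not part of the thread or of any poster's code), the following sh script loads a complete stateful ipfw(8) ruleset of the kind discussed above for a laptop that may open anything outbound and accepts nothing unsolicited: loopback and anti-spoof rules come first, check-state precedes the allow rules so replies to our own traffic match the dynamic table, outbound UDP and ICMP echo are tracked with keep-state (which is what makes DNS answers come back), and the final deny is logged. The interface name ath0 and the IPFW variable are assumptions; run with `show` to print the rules without loading them.

```shell
#!/bin/sh
# Added example: stateful ipfw(8) laptop ruleset. Assumed placeholders:
#   WIF  - the wireless interface (default ath0)
#   IPFW - the ipfw binary; set IPFW=echo to print rules instead of loading them
IPFW=${IPFW:-/sbin/ipfw}
WIF=${WIF:-ath0}

laptop_rules() {
    $IPFW -q flush                                   # start from an empty ruleset

    # Loopback must stay open or local daemons break; loopback addresses
    # arriving from anywhere else are spoofed and are dropped.
    $IPFW -q add 100 allow ip from any to any via lo0
    $IPFW -q add 110 deny ip from any to 127.0.0.0/8
    $IPFW -q add 120 deny ip from 127.0.0.0/8 to any

    # check-state must come before the deny so that replies to connections
    # we opened (held in the dynamic table) are accepted.
    $IPFW -q add 200 check-state

    # Outbound only: we may start TCP sessions, send UDP (DNS, NTP) and
    # ICMP echo requests; keep-state admits exactly the matching replies,
    # so no inbound port 53 rule is needed.
    $IPFW -q add 300 allow tcp from me to any out via $WIF setup keep-state
    $IPFW -q add 310 allow udp from me to any out via $WIF keep-state
    $IPFW -q add 320 allow icmp from me to any out via $WIF icmptypes 8 keep-state

    # Anything else that reaches the wireless interface is logged and dropped.
    $IPFW -q add 900 deny log ip from any to me in via $WIF
}

case "${1:-}" in
    apply) laptop_rules ;;             # load into the kernel (needs root)
    show)  IPFW=echo laptop_rules ;;   # dry run: print the ipfw commands
esac
```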