Date:      Mon, 06 Jan 2003 17:49:50 +0000
From:      Jonathan Belson <jon@witchspace.com>
To:        Dan Nelson <dnelson@allantgroup.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: [Q] ipfw and 'me'
Message-ID:  <3E19C1BE.4010603@witchspace.com>
References:  <3E19B689.2090207@witchspace.com> <20030106171001.GA13668@submonkey.net> <3E19BB9E.6010207@witchspace.com> <20030106173244.GA54032@dan.emsphone.com>

Dan Nelson wrote:
> me is me.  Maybe the "recv | xmit | via {ifX | if* | ipno | any}"
> options will help?  What exactly are you trying to allow/block?

My firewall rules are based on the 'simple' pattern in rc.firewall.
I've got stuff like this to explicitly allow certain connections:

         # ssh
         ${fwcmd} add pass tcp from any to ${oip} 22 setup
         ${fwcmd} add pass udp from any to ${oip} 22
         ${fwcmd} add pass udp from ${oip} 22 to any

         # Allow DNS queries out in the world
         ${fwcmd} add pass udp from ${oip} to any 53 keep-state

         # Allow NTP queries out in the world
         ${fwcmd} add pass udp from ${oip} to any 123 keep-state

where ${oip} is my external IP address (i.e. the one that changes
every now and again)


--Jon

http://www.witchspace.com

