Date:      Sun, 25 Jan 2004 16:59:51 +0200
From:      "Pons" <pons@gmx.li>
To:        <freebsd-questions@freebsd.org>
Subject:   IPFW
Message-ID:  <024201c3e353$e3ac0c80$0503050a@sdc.com.jo>
References:  <20040125144542.15702.qmail@web13905.mail.yahoo.com>

I have configured a FreeBSD 5.1 rel box with 2 NICs (Ext.ip/Int.ip)
and ipfw/natd/squid. The setup is working, but still _FLAT_:
it means I am using the default IPFW configuration

firewall_type="open"

I want to give more security to my internal network by
stopping/limiting unnecessary traffic in/out,
so I need help to implement the following set of ipfw rules:

1- permit only clients with 10.5.0.0/16 to send/recv via the box
2- Block MSN Messenger / Yahoo Messenger / ICQ / Kazaa
3- Block in/out ICMP Ping / traceroute
4- Permit DNS / HTTP(S) / FTP / SMTP / Telnet / SSH / POP3
5- What should I include in /etc/sysctl.conf against DoS attack, spoof, etc.
6- What about the kernel_level, in which mode should I run the kernel
7- Which other services should I disable
8- Allow me (my IP) to manage the box by accessing it via ssh only

Any input would be really appreciated.
Thanks
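
An added example, not part of the original message or of any reply on the list: a default-deny ipfw ruleset for a natd gateway covering items 1 to 4 and 8. The interface names fxp0/fxp1, the admin address 10.5.0.10, the rule numbers and the function name load_rules are assumptions; the script prints the commands unless IPFW is set.

```sh
#!/bin/sh
# Added example: default-deny ipfw ruleset for a natd gateway.
# Assumed, not from the post: NIC names, admin address, rule numbers.
oif="fxp0"                        # external NIC (assumed name)
iif="fxp1"                        # internal NIC (assumed name)
lan="10.5.0.0/16"                 # client network named in the post
admin="10.5.0.10"                 # constructed admin workstation address
tcp_ok="21,22,23,25,80,110,443"   # FTP SSH Telnet SMTP HTTP POP3 HTTPS
# Dry run by default: commands are printed. Run with IPFW="ipfw -q" to load.
IPFW="${IPFW:-echo ipfw}"

load_rules() {
    $IPFW -f flush
    $IPFW add 100 allow ip from any to any via lo0
    # Item 8: SSH to the gateway itself only from the admin host.
    $IPFW add 200 allow tcp from $admin to me 22 in via $iif
    $IPFW add 210 deny log tcp from any to me 22
    # Item 1: only 10.5.0.0/16 clients may pass the inside interface.
    $IPFW add 300 allow ip from $lan to any in via $iif
    $IPFW add 310 allow ip from any to $lan out via $iif
    $IPFW add 320 deny log ip from any to any via $iif
    # Anti-spoofing: LAN source addresses never arrive from outside.
    $IPFW add 390 deny log ip from $lan to any in via $oif
    # Outside interface: undo NAT on replies, then match them to state.
    $IPFW add 400 divert natd ip from any to any in via $oif
    $IPFW add 410 check-state
    # Item 4: the only flows that may start outbound (DNS on 53).
    $IPFW add 500 skipto 800 tcp from any to any $tcp_ok out via $oif setup keep-state
    $IPFW add 510 skipto 800 udp from any to any 53 out via $oif keep-state
    $IPFW add 520 skipto 800 tcp from any to any 53 out via $oif setup keep-state
    # Items 2 and 3: no rule names IM, Kazaa, ping or traceroute; being
    # absent from the whitelist, they end here with all unsolicited input.
    $IPFW add 700 deny log ip from any to any
    # Whitelisted and stateful traffic: NAT on the way out, then accept.
    $IPFW add 800 divert natd ip from any to any out via $oif
    $IPFW add 810 allow ip from any to any
}

load_rules
```

Blocking all ICMP also drops the "fragmentation needed" messages that path MTU discovery relies on, and FTP data connections are not covered by the port list (natd's -punch_fw option exists for that). Messaging clients that fall back to port 80 have to be stopped in the squid ACLs rather than here.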


