Date: Sat, 28 Jul 2001 21:19:40 -0700
From: Tony Saign <tony@saignon.net>
To: <freebsd-ipfw@freebsd.org>
Subject: RE: Simple ruleset??
Message-ID: <000001c117e5$b01f1060$0600a8c0@tsaignmobl>
In-Reply-To: <20010728215507.A19670@lowrider.lewman.org>
Currently this is what I have, and it appears to be working now that I added
#00708

# Outbound filters
add 00310 allow tcp from any to any out established
add 00320 allow tcp from any to any out setup keep-state

# SSH filters
add 00401 pass tcp from <HOME IP> to any 22 setup
add 00402 pass tcp from <HOME IP> to any 22 established
add 00403 pass tcp from <WORK IP> to any 22 setup
add 00404 pass tcp from <WORK IP> to any 22 established

# eMail filters
add 00501 pass tcp from any to any 25 setup
add 00502 pass tcp from any to any 25 established
add 00503 pass tcp from any to any 110 setup
add 00504 pass tcp from any to any 110 established

# HTTP filters
add 00601 pass tcp from any to any 80 setup
add 00602 pass tcp from any to any 80 established
add 00603 pass tcp from <HOME IP> to any 3987 setup
add 00604 pass tcp from <HOME IP> to any 3987 established
add 00605 pass tcp from <WORK IP> to any 3987 setup
add 00606 pass tcp from <WORK IP> to any 3987 established

# DNS filters
add 00701 allow udp from <PRIMARY DNS> 53 to any in recv fxp0
add 00702 allow udp from <SECONDARY DNS> to any in recv fxp0
add 00703 allow udp from <ANOTHER DNS> to any in recv fxp0
add 00704 allow udp from <ISP DNS> 53 to any in recv fxp0
add 00705 allow udp from <ISP DNS> 53 to any in recv fxp0
add 00706 allow udp from any to any 53
add 00707 allow udp from any 53 to any
add 00708 allow tcp from any to any 53 #NSLOOKUP WORKS w/ this rule
add 00710 allow udp from any to any out

# ICMP filters
add 00801 allow icmp from any to any icmptypes 3
add 00802 allow icmp from any to any icmptypes 4
add 00803 allow icmp from any to any icmptypes 8 out
add 00804 allow icmp from any to any icmptypes 0 in
add 00805 allow icmp from any to any icmptypes 11 in

* -----Original Message-----
* From: owner-freebsd-ipfw@freebsd.org
* [mailto:owner-freebsd-ipfw@freebsd.org]On Behalf Of Andrew
* Sent: Saturday, July 28, 2001 6:55 PM
* To: freebsd-ipfw@freebsd.org
* Subject: Re: Simple ruleset??
*
*
* On Thu, Jul 26, 2001 at 10:13:32PM -0700, tony@saignon.net
* spewed 0.6K bytes in 17 lines about:
* :
* : I need a proven ruleset that would allow any outbound traffic, and incoming
* : on ports 22, 25, 53, 80, and 110 only.
*
* Just a thought:
*
* allow ip from me to any #outbound
* allow udp from any to me 53 #dns inbound
*
* The rest is pretty simple.
*
*
* --
*
* | Andy | e-mail          | web            | gpg/pgp keyid |
* |      | andy@lewman.com | www.lewman.com | ED788962      |
*
* Dealing with failure is easy: work hard to improve. Success is also
* easy to handle: you've solved the wrong problem. Work hard to
* improve.
*
* To Unsubscribe: send mail to majordomo@FreeBSD.org
* with "unsubscribe freebsd-ipfw" in the body of the message
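For comparison with the ruleset posted above, an added example (not part of the original message or of any poster's configuration) of the same policy written statefully: replies are admitted by check-state against flows recorded by keep-state, instead of by stateless "established" and source-port-53 matches. It assumes fxp0 is the external interface as in the post, that the listed services run on this host (hence "me"), and the rule numbers are constructed for illustration.

```conf
# Constructed example: stateful ipfw rules file, loaded with "ipfw <file>".
# Assumptions: fxp0 is the external interface; services run on this host.
# <HOME IP> and <WORK IP> are the same placeholders used in the post.

# Loopback traffic
add 00100 allow ip from any to any via lo0

# Pass packets that belong to a flow already recorded by a keep-state rule
add 00200 check-state

# Outbound: anything this host initiates; return traffic is tracked
add 00300 allow tcp from me to any out setup keep-state
add 00310 allow udp from me to any out keep-state

# Inbound SSH and port 3987, limited to the two known source addresses
add 00400 allow tcp from <HOME IP> to me 22,3987 in recv fxp0 setup keep-state
add 00401 allow tcp from <WORK IP> to me 22,3987 in recv fxp0 setup keep-state

# Inbound SMTP, HTTP, POP3 from anywhere (new connections only; later
# packets of each connection are matched by check-state)
add 00410 allow tcp from any to me 25,80,110 in recv fxp0 setup keep-state

# Inbound DNS queries to this host (UDP, plus TCP for large answers)
add 00420 allow udp from any to me 53 in recv fxp0 keep-state
add 00421 allow tcp from any to me 53 in recv fxp0 setup keep-state

# ICMP: error messages in, echo request out, echo reply in
add 00500 allow icmp from any to any icmptypes 3,4,11 in
add 00510 allow icmp from any to any icmptypes 8 out
add 00520 allow icmp from any to any icmptypes 0 in

# Everything else is dropped and logged
add 65000 deny log ip from any to any
```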