IPFW config
Paul Schmehl
pauls at utdallas.edu
Sun Feb 20 19:04:52 GMT 2005
----- Original Message -----
From: "SigmaX" <scottclansman at cwazy.co.uk>
To: <freebsd-questions at freebsd.org>
Sent: Monday, February 21, 2005 12:01 PM
Subject: IPFW config
>
> Set IPFW to allow traffic on ports 80, 10000, and 23 (That's the default
> SSH port, right?)
> Then start IPFW with the kernel module (I know how to do this)
>
fwcmd=/sbin/ipfw
myip=x.x.x.x
mymask=255.255.255.0
# setup_loopback is the shell function defined in /etc/rc.firewall (adds the lo0 rules)
setup_loopback
# Allow icmp
${fwcmd} add pass icmp from any to any icmptypes 0,3,8,11,12,13,14 via xl0
# Setup dynamic rules
${fwcmd} add check-state
${fwcmd} add deny tcp from any to any via xl0 established
# Allow DNS queries out to the world
${fwcmd} add allow udp from ${myip} to any via xl0 keep-state
${fwcmd} add deny udp from any to any
# Allow all outbound traffic
${fwcmd} add allow ip from ${myip} to any via xl0 setup keep-state
# Allow inbound http, ssh and port 10000
${fwcmd} add allow tcp from any to ${myip} http via xl0 setup keep-state
${fwcmd} add allow tcp from any to ${myip} ssh via xl0 setup keep-state
${fwcmd} add allow tcp from any to ${myip} 10000 via xl0 setup keep-state
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag via xl0
# Deny everything else
${fwcmd} add deny ip from any to any via xl0
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/