IPFW config
Paul Schmehl
pauls at utdallas.edu
Mon Feb 21 03:56:48 GMT 2005
----- Original Message -----
From: "SigmaX" <scottclansman at cwazy.co.uk>
To: <freebsd-questions at freebsd.org>
Cc: "Paul Schmehl" <pauls at utdallas.edu>
Sent: Monday, February 21, 2005 8:14 PM
Subject: Re: IPFW config
>
> Well... *ahem*... I put the above script into /etc/ipfw.rules and did
> "kldload ipfw.ko && sh /etc/ipfw.rules". I lost connectivity to the
> server.
Geez, I thought you learned from the first time....
>
>Did the above script only open those ports to localhost or
> something?
It was meant to be an example for you to work from. It's taken from a
working example that I use on several servers, altered to meet the
requirements you gave in your post.
First of all, you should *never* work on a firewall config remotely.
Secondly, the expectation is that you will take information give here and
use it with a grain of salt.
Try this. Sitting at the console in front of the computer, enable the
firewall:
% ipfw enable firewall
This will block all access to the computer.
Now type this at the command line:
% ipfw add allow tcp from any to (type in the computer's IP address here)
ssh
Now ssh to some other computer that you have access to and back to this
computer and see if you don't get in. (Note that the assumption is that you
have not yet configured /etc/hosts.allow to deny access from the computer
you're ssh'ing back to this computer from.)
Look at the /etc/rc.firewall script. Read man ipfw carefully. Don't forget
that you must enable the firewall in the /etc/rc.conf file, but you must
*also* define what *type* of firewall it is.
Here's an example:
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_quiet="NO"
firewall_script="/etc/rc.firewall"
firewall_type="CLIENT"
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
More information about the freebsd-questions
mailing list