IPF firewalling
Kövesdán Gábor
gabor.kovesdan at freemail.hu
Sun Jan 16 11:33:50 PST 2005
Hello,
Thanks for your answer, I've modified my rules as you suggested, but I
haven't made groups yet. Thus the new ruleset is:
# I don't want to filter outgoing packets
pass out quick all
# The incoming packets for dhcp, dns, ssh, mail, ftp, www
pass in quick on rl0 proto udp from any to any port = 68 keep state keep frags
pass in quick on rl0 proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 53 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 25 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state keep frags
# Some advanced stuff - will be set later
#block return-rst in log quick on rl0 proto tcp from any to any
#block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
#block in quick on rl0 all
# Allow everything for the loopback interface
pass in quick on lo0 all
pass out quick on lo0 all
I ran the ipf -Fa && ipf -f /etc/ipf.rules2 command (ipf.rules2 is this
ruleset) via ssh, but then my connection closed, and I was unable to
reconnect via ssh until flushing the rules and loading this ruleset:
pass in all
pass out all
Best wishes,
Gábor Kövesdán
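The following is an added example, not part of the post above and not code from the IPF project: a small Python simulator for the subset of ipf.rules syntax the posted ruleset uses (pass/block, in/out, quick, on, proto, port =, flags S, keep state). It walks the posted rules with a freshly flushed (empty) state table and shows which rule decides the fate of three kinds of packet: a mid-connection ACK from an SSH session that was open before the reload, the SYN of a brand-new SSH connection, and that new connection's later ACKs. The flow labels, the sample packets and the `default` parameter (ipf's no-match policy, which is pass on FreeBSD unless the kernel was built with IPFILTER_DEFAULT_BLOCK) are constructed assumptions for the illustration.

```python
"""Tiny first-match simulator for the ipf rule subset used in the post.

Constructed for illustration only: it handles pass/block, in/out, quick,
"on IFACE", "proto", "from any to any port = N", "all", "flags S" and
"keep state". Everything else (log, groups, return-rst, ...) is rejected.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the posted ruleset (wrapped lines re-joined).
RULESET = """\
pass out quick all
pass in quick on rl0 proto udp from any to any port = 68 keep state keep frags
pass in quick on rl0 proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 53 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 25 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state keep frags
pass in quick on lo0 all
pass out quick on lo0 all
"""

RULE_RE = re.compile(
    r"^(pass|block)\s+(in|out)\s+(quick\s+)?(?:on\s+(\S+)\s+)?(?:proto\s+(\S+)\s+)?"
    r"(?:all|from\s+\S+\s+to\s+\S+(?:\s+port\s*=\s*(\d+))?)(.*)$"
)


@dataclass(frozen=True)
class Rule:
    action: str
    direction: str
    quick: bool
    iface: Optional[str]
    proto: Optional[str]
    dport: Optional[int]
    syn_only: bool       # "flags S": only the SYN that opens a connection matches
    keep_state: bool
    text: str


@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    proto: str
    dport: int
    flow: str            # constructed connection label standing in for the 5-tuple
    syn: bool = False
    ack: bool = False


def parse_ruleset(text: str) -> list:
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule syntax: {line}")
        action, direction, quick, iface, proto, port, rest = m.groups()
        rules.append(Rule(action, direction, bool(quick), iface, proto,
                          int(port) if port else None,
                          "flags S" in rest, "keep state" in rest, line))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction:
        return False
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.syn_only and not (pkt.syn and not pkt.ack):
        return False
    return True


def evaluate(rules, pkt: Packet, state: set, default: str = "pass"):
    """Return (verdict, what decided it).

    A state-table hit passes the packet outright. Otherwise the LAST matching
    rule wins, except that a matching 'quick' rule ends the search at once.
    If nothing matches, the kernel's default policy applies (decider None).
    """
    if pkt.flow in state:
        return "pass", "state table"
    verdict, decider = default, None
    for r in rules:
        if matches(r, pkt):
            verdict, decider = r.action, r
            if r.quick:
                break
    if decider is not None and decider.keep_state and verdict == "pass":
        state.add(pkt.flow)  # "keep state": later packets of this flow skip the rules
    return verdict, decider.text if decider else None


def demo(default: str = "pass") -> dict:
    """Evaluate constructed packets right after an 'ipf -Fa' (empty state table)."""
    rules = parse_ruleset(RULESET)
    state = set()
    old_ack = Packet("in", "rl0", "tcp", 22, "ssh-opened-before-reload", ack=True)
    new_syn = Packet("in", "rl0", "tcp", 22, "ssh-opened-after-reload", syn=True)
    new_ack = Packet("in", "rl0", "tcp", 22, "ssh-opened-after-reload", ack=True)
    outbound = Packet("out", "rl0", "tcp", 443, "client-to-web", syn=True)
    return {
        "old_session": evaluate(rules, old_ack, state, default),
        "new_syn": evaluate(rules, new_syn, state, default),
        "new_ack": evaluate(rules, new_ack, state, default),
        "outbound": evaluate(rules, outbound, state, default),
    }


if __name__ == "__main__":
    for name, (verdict, why) in demo().items():
        print(f"{name:12s} -> {verdict:5s} (decided by: {why})")
```

The interesting row is `old_session`: with the state table just flushed, a packet from a connection that predates the reload carries ACK but not SYN, so no `flags S` rule matches it and no rule at all decides it; the packet is left entirely to the kernel's default policy. A fresh connection's SYN hits the port 22 rule, `keep state` records the flow, and its later packets pass through the state table without consulting the rules again.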