To: <freebsd-questions@freebsd.org>
Sent: Monday, February 21, 2005 12:01 PM
Subject: IPFW config
Set IPFW to allow traffic on ports 80, 10000, and 23 (That's the default SSH port, right?)
Then start IPFW with the kernel module (I know how to do this)
fwcmd=/sbin/ipfw
myip=x.x.x.x
mymask=255.255.255.0

setup_loopback

# Allow icmp
${fwcmd} add pass icmp from any to any icmptypes 0,3,8,11,12,13,14 via xl0

# Setup dynamic rules
${fwcmd} add check-state
${fwcmd} add deny tcp from any to any via xl0 established

# Allow DNS queries out to the world
${fwcmd} add allow udp from ${myip} to any via xl0 keep-state
${fwcmd} add deny udp from any to any

# Allow all outbound traffic
${fwcmd} add allow ip from ${myip} to any via xl0 setup keep-state

# Allow inbound http, ssh and port 10000
${fwcmd} add allow tcp from any to ${myip} http via xl0 setup keep-state
${fwcmd} add allow tcp from any to ${myip} ssh via xl0 setup keep-state
${fwcmd} add allow tcp from any to ${myip} 10000 via xl0 setup keep-state

# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag via xl0

# Deny everything else
${fwcmd} add deny ip from any to any via xl0
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
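A simplified Python model of how the TCP rules in the script above are evaluated (first match wins, with check-state, keep-state, setup and established), added here as an example and not part of the original message. The addresses are constructed, the service names are resolved as /etc/services does, and ICMP, UDP, fragments and state expiry are left out of the model.

```python
# Added example: simplified model of the TCP rules in the ipfw script above.
MYIP = "192.0.2.10"                  # constructed stand-in for ${myip}
SERVICES = {"http": 80, "ssh": 22}   # service names as found in /etc/services

def is_setup(p):        # ipfw "setup": SYN set, ACK clear
    return "S" in p["flags"] and "A" not in p["flags"]
def is_established(p):  # ipfw "established": ACK or RST set
    return "A" in p["flags"] or "R" in p["flags"]

def flow(p):            # a dynamic rule matches both directions of a flow
    return frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])

def inbound(port):      # "allow tcp from any to ${myip} <port> setup"
    return lambda p: p["dst"] == MYIP and p["dport"] == port and is_setup(p)

RULES = [  # (action, match predicate, keep-state?) in the script's order
    ("check-state", None, False),
    ("deny", is_established, False),
    ("allow", lambda p: p["src"] == MYIP and is_setup(p), True),
    ("allow", inbound(SERVICES["http"]), True),
    ("allow", inbound(SERVICES["ssh"]), True),
    ("allow", inbound(10000), True),
    ("deny", lambda p: True, False),
]

def evaluate(p, states):  # first matching rule wins
    for action, match, keep in RULES:
        if action == "check-state":
            if flow(p) in states:
                return "allow"
            continue
        if match(p):
            if keep:
                states.add(flow(p))  # keep-state installs a dynamic rule
            return action
    return "deny"  # not reached: the last rule matches everything

def tcp(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def demo():
    states, peer = set(), "198.51.100.7"  # constructed remote host
    return [
        evaluate(tcp(peer, 40000, MYIP, 22, "S"), states),   # new SSH connection
        evaluate(tcp(MYIP, 22, peer, 40000, "SA"), states),  # reply, via check-state
        evaluate(tcp(peer, 40001, MYIP, 23, "S"), states),   # telnet port: no rule
        evaluate(tcp(peer, 40002, MYIP, 80, "A"), states),   # stray ACK, no state
    ]
```

Calling `demo()` returns the verdict for each of the four constructed packets in order.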