Personal Firewall with IPFW

Horinouchi Hiroyuki chofu.tap at ce.wakwak.com
Thu Sep 29 13:53:12 UTC 2005


Hi
I would be interested in hearing opinions about configuring a personal
firewall with IPFW.
I will make a personal firewall referring to the example you have shown.
I am using a mobile PC.
Therefore, the connection destination and the interface are also different
in every case.
Is stateful filtering possible even in such an environment?
The address of the DNS server and the address of the DHCP server are
different according to the situation.
I will omit the via interface.
In addition, part of the rule set that you showed is changed as follows.

#!/bin/sh
# Flush the existing rule set and define a shorthand for adding rules.
ipfw -q -f flush
cmd="ipfw -q add"

# Loopback traffic is always allowed.
$cmd 00010 allow all from any to any via lo0

# Consult the dynamic (keep-state) table before any static rule below.
$cmd 00015 check-state

# Outbound DNS (no "via" clause, so this works on whatever interface is up).
$cmd 00110 allow tcp from any to any 53 out setup keep-state
$cmd 00111 allow udp from any to any 53 out keep-state

# Outbound DHCP client requests to the server port (bootps).
$cmd 00120 allow log udp from any to any 67 out keep-state

# Outbound HTTP and HTTPS.
$cmd 00200 allow tcp from any to any 80 out setup keep-state

$cmd 00220 allow tcp from any to any 443 out setup keep-state

# Outbound SMTP and POP3.
$cmd 00230 allow tcp from any to any 25 out setup keep-state
$cmd 00231 allow tcp from any to any 110 out setup keep-state

# Outbound ICMP (e.g. ping); replies are matched by the dynamic rule.
$cmd 00250 allow icmp from any to any out keep-state

# Outbound time (37), NNTP (119), SSH (22) and whois (43).
$cmd 00260 allow tcp from any to any 37 out setup keep-state

$cmd 00270 allow tcp from any to any 119 out setup keep-state

$cmd 00280 allow tcp from any to any 22 out setup keep-state

$cmd 00290 allow tcp from any to any 43 out setup keep-state

# Anything else going out is denied and logged.
$cmd 00299 deny log all from any to any out

# Inbound packets claiming private, reserved or multicast source addresses.
$cmd 00300 deny all from 192.168.0.0/16 to any in
$cmd 00301 deny all from 172.16.0.0/12 to any in
$cmd 00302 deny all from 10.0.0.0/8 to any in
$cmd 00303 deny all from 127.0.0.0/8 to any in
$cmd 00304 deny all from 0.0.0.0/8 to any in
$cmd 00305 deny all from 169.254.0.0/16 to any in
$cmd 00306 deny all from 192.0.2.0/24 to any in
$cmd 00307 deny all from 204.152.64.0/23 to any in
$cmd 00308 deny all from 224.0.0.0/3 to any in

# Inbound ICMP not matched by a dynamic rule above.
$cmd 00310 deny icmp from any to any in

# Inbound ident (113) without logging, to avoid noisy logs.
$cmd 00315 deny tcp from any to any 113 in

# Inbound NetBIOS (137-139) and port 81 without logging.
$cmd 00320 deny tcp from any to any 137 in
$cmd 00321 deny tcp from any to any 138 in
$cmd 00322 deny tcp from any to any 139 in
$cmd 00323 deny tcp from any to any 81 in

# Inbound fragments.
$cmd 00330 deny all from any to any frag in

# Inbound TCP with ACK/RST set that matched no dynamic rule (no session of ours).
$cmd 00332 deny tcp from any to any established in

# Inbound UDP to port 67 (bootps, the DHCP server port).
# Note: DHCP replies to a client arrive at port 68 (bootpc).
$cmd 00360 allow udp from any to any 67 in keep-state

# Anything else coming in is denied and logged.
$cmd 00499 deny log all from any to any in

# Catch-all, denied and logged.
$cmd 00999 deny log all from any to any


It would be greatly appreciated if I could get some good advice.
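As an added illustration (not part of the original post or of ipfw itself), the following Python model shows how a keep-state rule records the 5-tuple of the first packet and how check-state then matches the reply in either direction: the DNS rule above works on any network without a "via" clause, while the broadcast DHCP exchange never matches its own dynamic entry because the reply comes from a different address and port pair. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class DynamicTable:
    """Simplified model of ipfw dynamic rules: keep_state records the
    5-tuple, check_state accepts a packet matching it in either direction."""

    def __init__(self):
        self.entries = set()

    def keep_state(self, p):
        self.entries.add((p.proto, p.src, p.sport, p.dst, p.dport))

    def check_state(self, p):
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        return forward in self.entries or reverse in self.entries


def outbound_allowed(p):
    # Static "out ... keep-state" rules from the post: DNS 53, HTTP 80, DHCP 67.
    return (p.proto, p.dport) in {("tcp", 53), ("udp", 53), ("tcp", 80), ("udp", 67)}


def reply_accepted(table, request, reply):
    """Run the request through the out rules, then the reply through check-state."""
    if not outbound_allowed(request):
        return False
    table.keep_state(request)
    return table.check_state(reply)


def dns_on_new_network():
    # Laptop was given 10.1.2.3 (constructed) and learned 10.1.2.1 as resolver.
    query = Packet("udp", "10.1.2.3", 40000, "10.1.2.1", 53)
    answer = Packet("udp", "10.1.2.1", 53, "10.1.2.3", 40000)
    return reply_accepted(DynamicTable(), query, answer)


def dhcp_exchange():
    # DISCOVER is broadcast from 0.0.0.0:68 to 255.255.255.255:67; the OFFER
    # comes from the server's real address (constructed) on 67 to port 68.
    discover = Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67)
    offer = Packet("udp", "192.0.2.1", 67, "255.255.255.255", 68)
    return reply_accepted(DynamicTable(), discover, offer)
```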




More information about the freebsd-doc mailing list