Help needed in correcting IFPW2 ruleset
mumija at o2.pl
Sun May 9 04:53:57 PDT 2004
Im newbie in IPFW bsd firewall so I wanted to ask that anybody can
check my rules (below) if they are out of rubbish and fairly secure.
System is not protecting any network, just himself, he has to be able
to send DHCP questions, DNS questions (i dont have bind on him), also
he serve www page, and has to allow people to log in vi ssh2 and use
smtp, pop3 and irc. I think, thats all.
Please take a while and give me some (if any needed) suggestions on
this rules security and functionality.
Thanks a lot for any help & comments!!
#loopback na lo0
add 100 pass all from any to any via lo0
add 110 deny all from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
add 200 deny all from 10.0.0.0/8 to any via fxp0
add 210 deny all from 172.16.0.0/12 to any via fxp0
add 220 deny all from 192.168.0.0/16 to any via fxp0
add 230 deny all from 169.254.0.0/16 to any via fxp0
add 240 deny all from 192.0.2.0/24 to any via fxp0
add 250 deny all from 220.127.116.11/4 to any via fxp0
add 260 deny all from 240.0.0.0/4 to any via fxp0
add 300 pass tcp from any to any established
add 310 pass all from any to any frag
add 320 pass all from any to me 25 setup
add 330 pass udp from me 53 to any via fxp0
add 340 pass tcp from any to me 80 setup
add 350 deny log tcp from any to any via fxp0 setup
add 360 pass tcp from any to any setup
add 65000 deny all from anty to any vi any
Best regards, mumija.
More information about the freebsd-ipfw