Are 4 IPFW rules enough?

Kevin Curran kevin at curranfamilynet.net
Wed Jun 16 00:56:45 PDT 2004


I have a cable modem and I'm using 4.9 as a NAT router for my home
network.  I have 4 rules in my ipfw config.  The first enables NAT and
the last is 65000 allow any to any.

In between I have 2 rules to deny access to ports 53 and 110 on the
Internet side.  That's all.

Here's my thinking: I use inetd.conf to enable only the services I want,
therefore the ports on which those services are listening I would want
open.  The two other ports I want to filter on the WAN side are filtered
by the rules above.  All the other ports are closed, anyway, so why
spend time debugging an elaborate rule set?
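
An added example, not part of the original post: a small Python model of first-match evaluation over the four rules described above, showing which listening ports remain reachable from the WAN side. Rule numbers other than 65000, the interface labels and the port sets are constructed assumptions.

```python
# First-match model of the four-rule set described in the post (added illustration).
# Rule numbers other than 65000, interface labels and packets are constructed.
from typing import Callable, NamedTuple

class Packet(NamedTuple):
    iface: str      # "wan" or "lan" (hypothetical labels)
    direction: str  # "in" or "out"
    dst_port: int

class Rule(NamedTuple):
    number: int
    action: str     # "divert", "deny" or "allow"
    matches: Callable[[Packet], bool]

def wan_in_to(port):
    """Match packets arriving on the WAN side for the given destination port."""
    return lambda p: p.iface == "wan" and p.direction == "in" and p.dst_port == port

RULES = [
    Rule(100, "divert", lambda p: p.iface == "wan"),  # NAT rule
    Rule(200, "deny", wan_in_to(53)),
    Rule(300, "deny", wan_in_to(110)),
    Rule(65000, "allow", lambda p: True),             # allow any to any
]

def verdict(packet, rules=RULES):
    """Return (action, rule number) of the first terminating rule that matches."""
    for rule in sorted(rules, key=lambda r: r.number):
        if not rule.matches(packet):
            continue
        if rule.action == "divert":
            continue  # modelled as: natd rewrites, reinjects, evaluation continues
        return rule.action, rule.number
    return "deny", 65535  # ipfw's built-in last rule unless built default-to-accept

def exposed_ports(listening, rules=RULES):
    """Ports reachable from the WAN: listening AND passed by the rule set."""
    return sorted(p for p in listening
                  if verdict(Packet("wan", "in", p), rules)[0] == "allow")

if __name__ == "__main__":
    enabled = {22, 53, 110}                  # constructed: services enabled on purpose
    print(exposed_ports(enabled))            # [22]
    print(exposed_ports(enabled | {6000}))   # constructed later listener: [22, 6000]
```

With rule 65000 as the catch-all, the set of exposed ports tracks whatever is listening at the moment, not only what inetd.conf enables.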

More information about the freebsd-questions mailing list