IPFW config

SigmaX scottclansman at cwazy.co.uk
Mon Feb 21 02:18:20 GMT 2005


Paul Schmehl wrote:

> ----- Original Message ----- From: "SigmaX" <scottclansman at cwazy.co.uk>
> To: <freebsd-questions at freebsd.org>
> Sent: Monday, February 21, 2005 12:01 PM
> Subject: IPFW config
>
>>
>> Set IPFW to allow traffic on ports 80, 10000, and 23 (That's the 
>> default SSH port, right?)
>> Then start IPFW with the kernel module (I know how to do this)
>>
> fwcmd=/sbin/ipfw
> myip=x.x.x.x
> mymask=255.255.255.0
>
> # Start from an empty ruleset so re-running the script does not append
> ${fwcmd} -f flush
>
> # Loopback (what rc.firewall's setup_loopback helper does)
> ${fwcmd} add pass all from any to any via lo0
> ${fwcmd} add deny all from any to 127.0.0.0/8
> ${fwcmd} add deny ip from 127.0.0.0/8 to any
>
> # Allow icmp
> ${fwcmd} add pass icmp from any to any icmptypes 0,3,8,11,12,13,14 via xl0
>
> # Setup dynamic rules
> ${fwcmd} add check-state
> ${fwcmd} add deny tcp from any to any via xl0 established
>
> # Allow DNS queries out to the world
> ${fwcmd} add allow udp from ${myip} to any via xl0 keep-state
> ${fwcmd} add deny udp from any to any
> # Allow all outbound traffic
> ${fwcmd} add allow ip from ${myip} to any via xl0 setup keep-state
>
> # Allow inbound http, ssh and port 10000
> ${fwcmd} add allow tcp from any to ${myip} http via xl0 setup keep-state
> ${fwcmd} add allow tcp from any to ${myip} ssh via xl0 setup keep-state
> ${fwcmd} add allow tcp from any to ${myip} 10000 via xl0 setup keep-state
>
> # Allow IP fragments to pass through
> ${fwcmd} add pass all from any to any frag via xl0
>
> # Deny everything else
> ${fwcmd} add deny ip from any to any via xl0
>
> Paul Schmehl (pauls at utdallas.edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/
>
Well... *ahem*...  I put the above script into /etc/ipfw.rules and did 
"kldload ipfw.ko && sh /etc/ipfw.rules".  I lost connectivity to the 
server.  Did the above script only open those ports to localhost or 
something?  I can go in tonight and fix it from the local computer, but 
I'd like to know what to do when I get there.  I need to have 
connectivity to said ports from the internet... apparently I don't :-P.
    Cheerio,
        SigmaX

-- 
Registered Linux Freak #: 366,862

"If you think of MS-DOS as mono, and Windows as stereo, then Linux is Dolby Pro-Logic Surround Sound with Bass Boost and all the music is free."
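An added example, not part of the thread above and not Paul's script: the same stateful ruleset as a self-contained sh script with a dry-run mode for reviewing the rules before loading them on a remote box, plus a lockout safety net. Two things about the posted approach are worth knowing before running anything like it over ssh. First, loading ipfw.ko on a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT installs a default rule of deny ip from any to any, so a remote session drops the moment the module loads, before the rule script even runs. Second, check-state only matches flows that a keep-state rule has already recorded, and the rule deny tcp from any to any established drops any other mid-stream TCP, so a session that was open before the rules were loaded is cut and must be re-opened (new connections to the listed ports do work). The safety net below schedules ipfw disable firewall in the background and cancels it once you have confirmed you can still log in. The interface xl0, the address 192.0.2.10 and the ports 22, 80 and 10000 are assumptions to edit for your host; port 22 is ssh (23 is telnet).

```shell
#!/bin/sh
# Added example, not from the original thread. Stateful ipfw ruleset with
# a dry-run mode and a lockout safety net. Values below are assumptions.
set -u

IFACE=xl0                      # assumed external interface
MYIP=192.0.2.10                # assumed host address (TEST-NET-1)
INBOUND_PORTS="22 80 10000"    # ssh, http and the port the thread asks for
FWCMD="${FWCMD:-/sbin/ipfw}"   # set FWCMD=echo to only print the rules
GRACE="${GRACE:-120}"          # seconds before the safety net fires
SAFETY_PID_FILE=/var/run/ipfw-safety.pid

# rule: add one ipfw rule through $FWCMD (or print it when FWCMD=echo).
rule() {
    "$FWCMD" add "$@"
}

# load_ruleset: the thread's ruleset with one name for the binary and the
# address, the rc.firewall setup_loopback helper expanded, and a flush first.
load_ruleset() {
    "$FWCMD" -f flush

    # loopback: allow lo0, refuse 127/8 on any other interface
    rule allow all from any to any via lo0
    rule deny all from any to 127.0.0.0/8
    rule deny ip from 127.0.0.0/8 to any

    # useful icmp only
    rule allow icmp from any to any icmptypes 0,3,8,11,12,13,14 via "$IFACE"

    # stateful core: packets of tracked flows pass at check-state; any other
    # mid-stream tcp (no dynamic rule, e.g. a session opened before the
    # rules were loaded) is dropped by the established rule
    rule check-state
    rule deny tcp from any to any via "$IFACE" established

    # outbound udp (dns, ntp) with reply state; no other udp at all
    rule allow udp from "$MYIP" to any via "$IFACE" keep-state
    rule deny udp from any to any

    # all outbound tcp connections, tracked
    rule allow ip from "$MYIP" to any via "$IFACE" setup keep-state

    # inbound services, one rule per port
    for p in $INBOUND_PORTS; do
        rule allow tcp from any to "$MYIP" "$p" via "$IFACE" setup keep-state
    done

    rule allow all from any to any frag via "$IFACE"
    rule deny ip from any to any via "$IFACE"
}

# dry_run: print the ruleset instead of loading it (subshell so FWCMD=echo
# does not leak into the caller, which prefix assignments do in some shells).
dry_run() {
    ( FWCMD=echo; load_ruleset )
}

# load_with_safety_net: load the rules with an escape hatch. A detached job
# disables the firewall after $GRACE seconds unless confirm_ruleset cancels
# it; if the new rules lock you out, wait it out and reconnect.
load_with_safety_net() {
    # nohup: the job must outlive the ssh session it may be about to kill
    nohup sh -c "sleep $GRACE && $FWCMD disable firewall" >/dev/null 2>&1 &
    echo $! > "$SAFETY_PID_FILE"
    load_ruleset
    echo "rules loaded; run '$0 confirm' within ${GRACE}s or the firewall is disabled" >&2
}

# confirm_ruleset: cancel the pending disable once a fresh login works.
confirm_ruleset() {
    kill "$(cat "$SAFETY_PID_FILE")" 2>/dev/null
    rm -f "$SAFETY_PID_FILE"
}

case "${1:-dry-run}" in
    dry-run) dry_run ;;
    load)    load_with_safety_net ;;
    confirm) confirm_ruleset ;;
    *)       echo "usage: $0 {dry-run|load|confirm}" >&2; exit 2 ;;
esac
```

Run it with no argument first and read the printed rules; then, from a shell on the box, run it with load, open a second ssh session to prove the inbound rules work, and run it with confirm from that session. The pre-existing session is expected to stall because of the established rule, which is exactly why the second login is the test.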


