laptop firewall rules
    Eric F Crist 
    ecrist at secure-computing.net
       
    Mon Oct 31 03:52:34 PST 2005
    
    
  
On Oct 30, 2005, at 6:23 PM, Eric F Crist wrote:
> On Oct 30, 2005, at 4:41 PM, andy at neu.net wrote:
>
>
>> Does anyone have a good example of a firewall ruleset for a wireless
>> interface in a laptop, or a pointer to documentation?  I want to use
>> IPFilter on 6.0 rc1.  I want to let all connections out and keep state,
>> but block all incoming from the outside.
>>
>> TIA
>>
>
>
> That ruleset is easy:
>
> ipfw add check-state
> ipfw add allow tcp from me to any setup keep-state
> ipfw add allow tcp from any to any established
> ipfw add deny from any to me in
>
> This should do the trick.

I forgot a couple of rules here.  I'm assuming you want DNS to
function, so here's another rule to add, immediately above the last,
deny, line:

ipfw add allow udp from me to any
ipfw add allow udp from any 53 to me 53

Also, that last line above should read:

ipfw add deny all from any to me in

-----
Eric F Crist
Secure Computing Networks
http://www.secure-computing.net
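
Added example, not part of the original message or of any project's code: the rules from this thread assembled in evaluation order with explicit rule numbers, so the allow rules are guaranteed to sit above the final deny. Assumptions made here: the rule numbers 100-500, the IPFW dry-run variable, and one substitution, keep-state on the outbound UDP rule in place of the port-53 reply rule, because resolver replies return to the ephemeral source port of the query.

```shell
#!/bin/sh
# Dry run by default: the commands are printed, not applied.
# Set IPFW=/sbin/ipfw in the environment to apply them (assumed variable).
IPFW="${IPFW:-echo ipfw}"

laptop_rules() {
    # Match packets that belong to flows already recorded by keep-state.
    $IPFW add 100 check-state
    # Outbound TCP: create a state entry on the SYN (setup) packet.
    $IPFW add 200 allow tcp from me to any setup keep-state
    # From the thread: pass packets of established TCP connections.
    $IPFW add 300 allow tcp from any to any established
    # Outbound UDP, DNS included. Substitution made in this example:
    # keep-state lets the replies back in through rule 100.
    $IPFW add 400 allow udp from me to any keep-state
    # Final rule as corrected in the thread: drop all other inbound traffic.
    $IPFW add 500 deny all from any to me in
    # Anything matching none of these falls to ipfw's default rule 65535.
}

# Return 0 only when check-state is emitted first and the deny rule last,
# i.e. every allow rule is evaluated before the deny line.
rules_ordered() {
    out=$(IPFW="echo ipfw"; laptop_rules)
    first=$(printf '%s\n' "$out" | head -n 1)
    last=$(printf '%s\n' "$out" | tail -n 1)
    case "$first" in
        *check-state) ;;
        *) return 1 ;;
    esac
    case "$last" in
        *"deny all from any to me in") ;;
        *) return 1 ;;
    esac
    return 0
}

# Emit (or apply) the ruleset only if the ordering check passes.
rules_ordered && laptop_rules
```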
    
    