Can I make this simple ipfw ruleset more restrictive ?
case at SDF.ORG
Mon Sep 8 16:08:07 UTC 2014
I have a very simple firewall - it sits on the network border and it
*blocks everything*, and the only traffic that is allowed is for internal
clients to make outbound port 40 connections.
Also internal clients can ping and traceroute.
But that's it - no other connections in or out are allowed. I havet he
following ruleset that is working perfectly:
ipfw add 10 allow tcp from any to any established
ipfw add 20 allow icmp from any to any icmptypes 0,3,8,11
ipfw add 21 allow udp from any to any 33433-33499 in via fxp1
ipfw add 30 allow tcp from any to any 40 in via fxp1
(fxp1 is the *internal* interface, and so I allow the port 40 connections
and the udp for traceroute only for requests that come in from the
Is there anything I have screwed up here ? Any connections that can come
in or out that I am trying to avoid ?
Is there any way to lock this down any further ?
Thanks very much.
More information about the freebsd-questions