

Cafe firewall FreeBSD

Author:mike - Mon Sep 13 20:38:09 2004

==== rc.conf ===============================================

# Interfaces: vr0 faces the cafe client LAN (dhcpd serves it); sis0 faces
# the upstream 192.168.10.0/24 network that holds the default router and
# that natd masquerades the LAN behind.
hostname="npcafe.secure-net.dk"
ifconfig_vr0="inet 10.10.10.254 netmask 255.255.255.0"
ifconfig_sis0="inet 192.168.10.199 netmask 255.255.255.0"
defaultrouter="192.168.10.1"

# Forwarding, NAT and packet filtering.
# NOTE(review): no firewall_type or firewall_script is set here, so how the
# firewall script on this page is loaded at boot is not shown -- confirm.
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="sis0"

# Services the box offers.  Nothing in the firewall script restricts which
# interface they are reachable on, so they listen towards both networks.
dhcpd_enable="YES"
dhcpd_ifaces="vr0"
named_enable="YES"
smbd_enable="YES"
nmbd_enable="YES"
apache2_enable="YES"
sshd_enable="YES"
usbd_enable="YES"


==== firewall =============================================

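#!/bin/sh
#
# Cafe gateway: NAT for the client LAN plus dummynet bandwidth classes.
#
# Usage: firewall {start|stop|open}
#   start  load NAT, the shaping pipes and the few filter rules below
#   stop   tear NAT down; keep only loopback, host-originated and admin traffic
#   open   flush everything and pass all traffic
#
# NOTE(review): the "start" ruleset ends in "accept all from any to any",
# so this script shapes traffic rather than filtering it.  Every service on
# the host (sshd, apache, named, smbd per rc.conf) is reachable from both
# interfaces; the only deny is client LAN -> port 22.  The earlier version
# of this script also dropped client -> any:445 (worm traffic); that rule
# is gone here -- reinstate it if that was not intentional.

# Addresses and interfaces, as in rc.conf: vr0 = client LAN, sis0 = uplink
# that natd masquerades behind.
lan_if=vr0
lan_net=10.10.10.0/24
ext_if=sis0
admin_ip=212.242.77.76      # "mike"; the only remote host allowed in while stopped

case "$1" in
start)
        echo Starting firewall
        ipfw -f flush

        # Loopback traffic must be neither NATed nor shaped.
        ipfw add allow all from any to any via lo0

        # Run exactly one natd: rc.conf (natd_enable) may already have
        # started it, and a second instance fails on the divert socket.
        killall natd 2>/dev/null
        natd -n "$ext_if"
        ipfw add divert natd ip from any to any via "$ext_if"

        # Bandwidth classes.  With the default net.inet.ip.fw.one_pass=1 a
        # packet that hits a pipe is accepted after shaping and never
        # reaches the rules below it.  Forwarded packets pass the ruleset
        # once inbound and once outbound, so they are shaped twice.
        ipfw pipe 3 config bw 128Kbit/s queue 10   # next to nothing
        ipfw pipe 2 config bw 2Mbit/s queue 10     # less than the uplink has
        ipfw pipe 1 config bw 10Mbit/s queue 10    # more than the uplink has

        # SMB to this host skips the shaper -- but only from the client LAN
        # on its own interface.  The original "from any" also gave the
        # uplink side an unshaped, stateful path to the Samba server.
        ipfw add allow all from "$lan_net" to me 445 in via "$lan_if" keep-state

        # Clients may not ssh out.  (keep-state serves no purpose on a deny.)
        ipfw add deny all from "$lan_net" to any 22

        # Important: interactive and game traffic.  Match the port on either
        # side -- the original matched only the source port, so the
        # client-side half of every session (requests, ACKs, game input)
        # fell into the 128Kbit catch-all pipe below.
        ipfw add pipe 1 all from any 22 to any        # ssh
        ipfw add pipe 1 all from any to any 22
        ipfw add pipe 1 all from any 27960 to any     # Quake3
        ipfw add pipe 1 all from any to any 27960

        # Semi-important: web.
        ipfw add pipe 2 all from any 80 to any        # http
        ipfw add pipe 2 all from any to any 80

        # Everything else.
        ipfw add pipe 3 all from any to any

        ipfw add accept all from any to any
        exit 0
        ;;
stop)
        echo Stopping firewall
        killall natd
        # Minimal ruleset: loopback, whatever this host originates, and the
        # admin host.  Anything else falls through to the kernel default
        # rule (deny, unless the kernel was built with
        # IPFIREWALL_DEFAULT_TO_ACCEPT), so the cafe clients lose NAT and
        # Internet access until "start" is run again.
        ipfw -f flush
        ipfw add allow all from any to any via lo0
        ipfw add allow all from me to any keep-state
        ipfw add allow all from "$admin_ip" to me keep-state
        ;;
open)
        echo Opening up firewall
        ipfw -f flush
        ipfw add allow all from any to any
        ;;
*)
        echo "Usage: $(basename "$0") {start|stop|open}" >&2
        exit 64
        ;;
esac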


==== old firewall ============================== [syntax]



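#!/bin/sh
#
# Earlier version of the cafe gateway script, kept for reference.
#
# Usage: firewall {start|stop|open}
#
# NOTE(review): this ruleset also ends in "accept all from any to any".
# The allow rules above that line only decide what is accepted (statefully)
# before reaching the shaper; the only packets actually blocked are client
# LAN -> any:445.  Because "allow all from <lan> to any keep-state" sits
# above the pipe rules, client-originated traffic and its replies never
# reach the shaper at all -- it only sees what that rule does not match.

# Addresses and interfaces, as in rc.conf.  The original wrote the LAN as
# 10.10.10.10/24, which ipfw masks to the same 10.10.10.0/24.
lan_net=10.10.10.0/24        # client LAN on vr0
ext_if=sis0                  # uplink that natd masquerades behind
kasse_ip=10.10.10.100        # the till ("kasse")
admin_ip=212.242.77.76       # mike
admin2_ip=81.19.234.132      # mike-2

case "$1" in
start)
        echo Starting firewall
        ipfw -f flush

        # Loopback traffic must be neither NATed nor shaped.
        ipfw add allow all from any to any via lo0

        # Run exactly one natd: rc.conf (natd_enable) may already have
        # started it, and a second instance fails on the divert socket.
        killall natd 2>/dev/null
        natd -n "$ext_if"
        ipfw add divert natd ip from any to any via "$ext_if"

        # Clients to this host.  DHCP requests are addressed to server port
        # 67 (68 is the client side), so the original "to me 68" never
        # matched; broadcast DISCOVERs from 0.0.0.0 still only pass because
        # of the final accept.
        ipfw add allow all from "$lan_net" to me 139 keep-state   # smb
        ipfw add allow all from "$lan_net" to me 67 keep-state    # dhcp
        ipfw add allow all from "$lan_net" to me 53 keep-state    # dns

        # Admin hosts to this host.
        ipfw add allow all from "$kasse_ip" to me keep-state
        ipfw add allow all from "$admin_ip" to me keep-state
        ipfw add allow all from "$admin2_ip" to me keep-state

        # Clients to the world: block SMB (worm traffic), pass the rest.
        # (keep-state serves no purpose on a deny, so it is dropped.)
        ipfw add deny all from "$lan_net" to any 445
        ipfw add allow all from "$lan_net" to any keep-state

        ipfw pipe 2 config bw 2Mbit/s queue 10
        ipfw pipe 1 config bw 128Kbit/s queue 10

        # Class 1 -- NOTE(review): "queue 2" names a dummynet queue, but
        # only pipes 1 and 2 are configured above (no "ipfw queue N
        # config"); a packet sent to a missing queue is dropped.  The rule
        # is shadowed by the client allow above, so it is left as written
        # rather than guessing which pipe/weight was meant.
        ipfw add queue 2 tcp from "$lan_net" to any 53 out
#       ipfw add queue 1 tcp from "$lan_net" to any 27960 out
#       ipfw add queue 1 tcp from "$lan_net" to any 22 out

        # Class 2
        #ipfw add queue 2 tcp from "$lan_net" to any 80 out
#       ipfw add queue 2 tcp from "$lan_net" to any 21 out
#       ipfw add queue 2 tcp from "$lan_net" to any 596 out

        # Class 3 -- anything not matched above gets the slow pipe.
        ipfw add pipe 1 all from any to any out

        ipfw add accept all from any to any

        exit 0
        ;;
stop)
        echo Stopping firewall
        killall natd
        # Minimal ruleset: loopback, whatever this host originates, and the
        # admin host.  Anything else falls through to the kernel default
        # rule (deny, unless the kernel was built with
        # IPFIREWALL_DEFAULT_TO_ACCEPT), so the clients lose NAT and
        # Internet access until "start" is run again.
        ipfw -f flush
        ipfw add allow all from any to any via lo0
        ipfw add allow all from me to any keep-state
        ipfw add allow all from "$admin_ip" to me keep-state
        ;;
open)
        echo Opening up firewall
        ipfw -f flush
        ipfw add allow all from any to any
        ;;
*)
        echo "Usage: $(basename "$0") {start|stop|open}" >&2
        exit 64
        ;;
esac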