Unifix knowledge database - The original one



Packet filtering in FreeBSD

Author: mike - Tue Jun 10 23:12:36 2003

FreeBSD has a packet filter too, like Linux. It is very simple to use, and the rules are IMO far simpler than those in Linux.

First you have to recompile your kernel with:

options IPFIREWALL

in it. When you boot the kernel, EVERY KIND OF NETWORK ACTIVITY WILL BE BLOCKED until you specify otherwise. Running

ipfw add allow all from any to any

will open the gates again.

This is very simple to do. This is my former firewall script (now I run OpenBSD as my firewall):

---------------------------------------------------------------------
#!/bin/sh
fwcmd="/sbin/ipfw"
${fwcmd} -f flush

globip="80.196.157.241"

# We let UDP pass both in and out; this can be done better, and is better in my new one :)
${fwcmd} add pass udp from any to any

# The same goes for ICMP; there you might choose either to close it completely or to block broadcasts etc.
${fwcmd} add pass icmp from any to any
# Packets from TCP connections that have already been established may pass
${fwcmd} add pass tcp from any to any established
# Pieces of fragmented packets may pass
${fwcmd} add pass all from any to any frag

# Allow setup of incoming connections
# Yes, we run an IRC server
${fwcmd} add pass tcp from any to ${globip} 6667 setup
# The local net may ssh in
${fwcmd} add pass tcp from 10.1.1.0/24 to ${globip} 22 setup
# And the world may see our website
${fwcmd} add pass tcp from any to ${globip} 80 setup

# Don't restrict ourselves; that goes without saying
${fwcmd} add pass tcp from 80.196.157.241 to any
${fwcmd} add pass tcp from 10.1.1.0/24 to any
${fwcmd} add pass tcp from localhost to any

# Allow ipv6
# We let IPv6 through (it then runs straight into the IPv6 firewall, which you of course have to set up as well)
${fwcmd} add pass ipv6 from any to any

---------------------------------------------------------------------
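The script depends on ipfw taking the first matching rule and on the default deny described above. As an added example (not part of the original script, and a simplified model rather than ipfw itself), this Python sketch evaluates packets against the same rules and reports which rule decides. The packet dict fields, the function names and the sample packets are assumptions constructed for the illustration; only destination ports are modelled and `localhost` is treated as 127.0.0.1.

```python
import ipaddress

GLOBIP = "80.196.157.241"  # globip from the page's script
RULES = f"""
pass udp from any to any
pass icmp from any to any
pass tcp from any to any established
pass all from any to any frag
pass tcp from any to {GLOBIP} 6667 setup
pass tcp from 10.1.1.0/24 to {GLOBIP} 22 setup
pass tcp from any to {GLOBIP} 80 setup
pass tcp from {GLOBIP} to any
pass tcp from 10.1.1.0/24 to any
pass tcp from localhost to any
pass ipv6 from any to any
""".strip().splitlines()

def addr_ok(spec, ip):
    if spec == "any":
        return True
    spec = "127.0.0.1" if spec == "localhost" else spec
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def rule_matches(rule, pkt):
    t = rule.split()  # pass PROTO from SRC to DST [PORT] [OPTION]
    proto, src, dst, rest = t[1], t[3], t[5], t[6:]
    port = int(rest.pop(0)) if rest and rest[0].isdigit() else None
    flags = pkt.get("flags", set())
    opts = {  # flag tests only: "established" is not connection tracking
        "established": pkt["proto"] == "tcp" and bool(flags & {"ack", "rst"}),
        "setup": pkt["proto"] == "tcp" and "syn" in flags and "ack" not in flags,
        "frag": pkt.get("frag", False),  # a non-first fragment
    }
    return (proto in ("all", pkt["proto"])
            and addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"])
            and port in (None, pkt.get("dport"))
            and all(opts[o] for o in rest))

def verdict(pkt, rules=RULES):
    """First matching rule wins; no match falls through to the default deny."""
    for n, rule in enumerate(rules, 1):
        if rule_matches(rule, pkt):
            return ("pass", n)
    return ("deny", None)

if __name__ == "__main__":
    syn = {"proto": "tcp", "src": "203.0.113.5", "dst": GLOBIP, "dport": 22, "flags": {"syn"}}  # constructed
    print(verdict(syn))                        # ssh from outside the local net
    print(verdict(dict(syn, src="10.1.1.7")))  # ssh from the local net
```

Running candidate packets through a model like this before loading a ruleset shows which rule, if any, admits them, and makes the breadth of the UDP and ICMP rules (which the script's own comments say could be tighter) easy to see.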
Copyright(c) Unifix.org 2002-2011

