Setting up a simple freebsd firewall using ipfw
1. First you will want to edit /etc/rc.conf and add the following. You can do so by typing 'edit /etc/rc.conf' at the command prompt.
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
2. Then you will want to create the rules file. You can do so by typing 'edit /etc/ipfw.rules' at the command prompt. I would add some simple rules like the ones below.
# server
cmd="ipfw -q add"
# flush any rules already loaded before adding the new set
ipfw -q -f flush
# defined for convenience; rule 70 below spells keep-state out in full
ks="keep-state"

# loopback
$cmd 10 allow all from any to any via lo0
$cmd 20 deny all from any to 127.0.0.0/8
$cmd 30 deny all from 127.0.0.0/8 to any
$cmd 40 deny tcp from any to any frag

# stateful
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 80 allow icmp from any to any

# services
# ftp
$cmd 110 allow tcp from any to any 21 in
$cmd 120 allow tcp from any to any 21 out
# ssh
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
# smtp
$cmd 150 allow tcp from any to any 25 in
$cmd 160 allow tcp from any to any 25 out
# dns
$cmd 170 allow udp from any to any 53 in
$cmd 175 allow tcp from any to any 53 in
$cmd 180 allow udp from any to any 53 out
$cmd 185 allow tcp from any to any 53 out
# http
$cmd 200 allow tcp from any to any 80 in
$cmd 210 allow tcp from any to any 80 out
# pop3
$cmd 220 allow tcp from any to any 110 in
$cmd 230 allow tcp from any to any 110 out
# ntp
$cmd 240 allow udp from any to any 123 in
$cmd 250 allow udp from any to any 123 out
# https
$cmd 260 allow tcp from any to any 443 in
$cmd 270 allow tcp from any to any 443 out

# deny and log everything else
$cmd 999 deny log all from any to any
3. Now you can start the firewall either by rebooting the machine or by running this command:
# sh /etc/ipfw.rules
4. You can then list the loaded rules in order with the following command:
# ipfw list
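As an added example that is not part of the original post, the script below audits a rules file written in the style above before it is loaded: it lists the ports the file allows inbound and checks that it ends with a catch-all deny. It assumes the "$cmd NNN allow <proto> from any to any <port> in" rule form used above and works on a constructed sample file, so it needs neither ipfw nor root.

```shell
#!/bin/sh
# Added example, not from the original post: audit a rules file of the style
# above before loading it. Assumes rules of the form
# "$cmd NNN allow <proto> from any to any <port> in|out".

# Constructed sample rules file (a subset of the ruleset above), so this runs
# offline without ipfw or root.
SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
cmd="ipfw -q add"
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
$cmd 170 allow udp from any to any 53 in
$cmd 175 allow tcp from any to any 53 in
$cmd 200 allow tcp from any to any 80 in
$cmd 999 deny log all from any to any
EOF

# Print "proto/port" for every rule that allows a port inbound, one per line,
# sorted and de-duplicated. Field layout: $3=action $4=proto ... $(NF-1)=port $NF=in|out
inbound_ports() {
    awk '$3 == "allow" && ($4 == "tcp" || $4 == "udp") && $NF == "in" {
             print $4 "/" $(NF-1)
         }' "$1" | LC_ALL=C sort -u
}

# Number of distinct inbound proto/port pairs the file opens.
inbound_count() {
    inbound_ports "$1" | wc -l | tr -d ' '
}

# Succeed (exit 0) only if the file contains a catch-all "deny ... all from any to any".
has_default_deny() {
    awk '$3 == "deny" && / all from any to any$/ { found = 1 } END { exit !found }' "$1"
}

echo "inbound ports opened by $SAMPLE_RULES:"
inbound_ports "$SAMPLE_RULES"
if has_default_deny "$SAMPLE_RULES"; then
    echo "default deny: present"
else
    echo "default deny: MISSING"
fi
```

Review the inbound list before loading the script over a remote session, since a ruleset that omits the port you are connected on will cut that session off.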