hansaplast
Programmer
Hi,
I'm having trouble configuring my ipfw.
I want all incoming traffic to be blocked.
All outgoing traffic from my network is allowed.
Here's my config:
# Variables
EXT_IP="62.x.x.24"
INT_NET="192.168.0.0/24"
NATD_INTERFACE="xl0"
# Flush the rules
ipfw -f flush
# Enable natd
ipfw add 50 divert natd all from any to any via $NATD_INTERFACE
# Setup loopback
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
# Drop and log all other inbound traffic
ipfw add deny log all from any to any
# Allow all internal traffic
ipfw add pass all from $INT_NET to any setup
# Allow all outgoing traffic
ipfw add pass all from $INT_NET to any
# Allow established connections and IP fragments to pass through
ipfw add allow tcp from any to any established
ipfw add allow all from any to any frag
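An added example, not part of the original post: ipfw checks rules in rule-number order and stops at the first terminating match, so a short lint over the script above can list the rules that sit behind an unconditional allow or deny. The function names are this example's own, and it assumes the default auto-numbering step of 100 for rules added without a number.

```shell
#!/bin/sh
# Added example (not from the original post): list ipfw rules that can never
# match because an earlier unconditional allow/deny ends the first-match search.

# Reads "ipfw add [number] ..." lines on stdin and prints "<number> <rule>"
# for every rule numbered after the first catch-all rule.
shadowed_rules() {
    awk '
    $1 == "ipfw" && $2 == "add" {
        i = 3
        if ($i ~ /^[0-9]+$/) { num = $i + 0; i++ }  # explicit rule number
        else { num = max + 100 }                    # assumed default auto-increment step
        if (num > max) max = num
        body = $i
        for (j = i + 1; j <= NF; j++) body = body " " $j
        print num "\t" body
    }' | sort -s -n -k1,1 | awk -F "\t" '
    catchall != "" { print $1, $2; next }
    {
        rule = $2
        sub(/ log( logamount [0-9]+)?/, "", rule)   # logging does not narrow the match
        if (rule ~ /^(allow|accept|pass|permit|deny|drop) (all|ip) from any to any$/)
            catchall = $1
    }'
}

# The rules from the post, in the order the script adds them.
sample_ruleset() {
    cat <<'EOF'
ipfw add 50 divert natd all from any to any via $NATD_INTERFACE
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add deny log all from any to any
ipfw add pass all from $INT_NET to any setup
ipfw add pass all from $INT_NET to any
ipfw add allow tcp from any to any established
ipfw add allow all from any to any frag
EOF
}

sample_ruleset | shadowed_rules
```

Every rule it prints is numbered after the catch-all, so ipfw never evaluates it; an empty result means no unconditional rule precedes another rule.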