
ipfw problem

Status
Not open for further replies.

hansaplast (Programmer), NL, Dec 17, 2001
Hi,

I'm having trouble configuring my ipfw.
I want all incoming traffic to be blocked.
All outgoing traffic from my network is allowed.

Here's my config:

# Variables
EXT_IP="62.x.x.24"
INT_NET="192.168.0.0/24"

NATD_INTERFACE="xl0"

# Flush the rules
ipfw -f flush

# Enable natd
ipfw add 50 divert natd all from any to any via $NATD_INTERFACE

# Setup loopback
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any

# Drop and log all other inbound traffic
ipfw add deny log all from any to any

# Allow all internal traffic
ipfw add pass all from $INT_NET to any setup

# Allow all outgoing traffic
ipfw add pass all from $INT_NET to any

# Allow established connections and IP fragments to pass through
ipfw add allow tcp from any to any established
ipfw add allow all from any to any frag
 
# Drop and log all other inbound traffic
ipfw add deny log all from any to any

Shouldn't this be something like

ipfw add deny log all from any to any in via $EXT_INT

But you may want to define a variable for the external interface (same as NATD_INTERFACE, I suppose) as $EXT_INT or something like it.

You might want to use dynamic rules to handle your outgoing traffic... check man ipfw and scroll down a ways. It has some examples. I posted my config in another thread, but no one's looked over that yet.

I'm not an ipfw expert, just making some suggestions! Hope it helps!
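To show what the two suggestions in the reply look like together, here is an added example ruleset; it is not from either poster. It keeps the original variables and rule order for NAT and loopback, puts the allow rules before the catch-all deny, restricts that deny to packets arriving in via the external interface, and uses check-state/keep-state for the outbound connections from the LAN. Assumptions: xl0 is the external interface (so EXT_INT doubles as the natd interface), the rule numbers are my own, 62.x.x.24 is the placeholder address from the thread, and IPFW defaults to "echo ipfw" so the script prints the rules for review instead of applying them; set IPFW=ipfw on the firewall itself.

```shell
#!/bin/sh
# Added example, not the original poster's or the reply's config.
# Dry-run by default: IPFW="echo ipfw" prints each rule instead of loading it.

EXT_IP="62.x.x.24"            # placeholder address from the thread
INT_NET="192.168.0.0/24"
EXT_INT="xl0"                 # assumed external interface; natd runs on it too
: "${IPFW:=echo ipfw}"        # use IPFW=ipfw on the firewall host

load_rules() {
    $IPFW -f flush

    # NAT first, so every later rule sees translated addresses
    $IPFW add 50 divert natd all from any to any via "$EXT_INT"

    # loopback: allow lo0, refuse 127/8 anywhere else
    $IPFW add 100 pass all from any to any via lo0
    $IPFW add 200 deny all from any to 127.0.0.0/8
    $IPFW add 300 deny ip from 127.0.0.0/8 to any

    # Dynamic rules (see "dynamic rules" in man ipfw): replies to connections
    # opened below match here. This sits after the divert, so inbound replies
    # have already been translated back to the LAN address by natd.
    $IPFW add 350 check-state

    # LAN hosts may start anything; keep-state records each flow before NAT
    $IPFW add 400 pass all from "$INT_NET" to any keep-state

    # the same packets after NAT: source is now EXT_IP, leaving via xl0
    $IPFW add 500 pass all from "$EXT_IP" to any out via "$EXT_INT"

    # stateless fallbacks kept from the original: established TCP and fragments
    $IPFW add 600 allow tcp from any to any established
    $IPFW add 700 allow all from any to any frag

    # everything else arriving on the outside is dropped and logged;
    # LAN-side traffic never reaches this rule because of "in via"
    $IPFW add 900 deny log all from any to any in via "$EXT_INT"
}

load_rules
```

Run it as-is to print the rules and check their order, then compare with `ipfw list` after loading on the firewall. The important ordering point from the reply is that rule 900 is the last rule and carries `in via $EXT_INT`; in the original config the equivalent rule sat before the allow rules and matched both directions.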
 