
IPFW rules for FreeBSD?

Status
Not open for further replies.

pipman (IS-IT--Management), US
Mar 3, 2004
Hey Guys,

My FreeBSD server got hacked and I would like to finally configure an IPFW firewall. I've got it installed and enabled OK, but I'm just confused by the rules to configure the firewall.

Basically I was hoping that someone could send me some simple & easy to understand IPFW rules that will only enable the ports for WWW, DNS, SMTP, POP3, SSH2, and SNMPD. And have all the other ports denied.

Any help would be greatly appreciated.

Regards,

Dan
 
After looking at various examples, here are the IPFW rules that I've come up with so far. Please let me know if there is anything wrong with these, like being in the wrong order, redundant rules or too insecure. Any help would be greatly appreciated.


#!/bin/sh
#########################################################
# IPFW Firewall Commands
#########################################################

cmd="ipfw -q add"          # -q: quiet, do not echo each rule as it is added
ipfw -q -f flush           # -f: flush the existing ruleset without asking for confirmation


#########################################################
# Allow Loopback and Deny Loopback Spoofing
#########################################################

$cmd allow ip from any to any via lo0       # all traffic on the loopback interface
$cmd deny ip from any to 127.0.0.0/8        # 127/8 must never appear on a real interface
$cmd deny ip from 127.0.0.0/8 to any
$cmd deny tcp from any to any frag          # non-first TCP fragments; UDP/ICMP fragments are not covered by this rule


#########################################################
# Stateful Rules
#########################################################

$cmd check-state                              # match packets against the dynamic state table
$cmd allow tcp from any to any established    # any TCP segment with ACK or RST set, either direction, whether or not a state entry exists
$cmd allow ip from any to any keep-state out  # all outbound traffic, creating state for the replies
$cmd allow icmp from any to any               # all ICMP, both directions


#########################################################
# Incoming/Outgoing Services
#########################################################
# These rules carry no 'in' keyword, so they match both directions;
# 'setup' restricts the TCP rules to the first SYN of a connection.

$cmd allow tcp from any to any 22 keep-state setup     # SSH
$cmd allow tcp from any to any 25 keep-state setup     # SMTP
$cmd allow tcp from any to any 53 keep-state setup     # DNS over TCP
$cmd allow udp from any to any 53 keep-state           # DNS over UDP
$cmd allow tcp from any to any 80 keep-state setup     # HTTP
$cmd allow tcp from any to any 110 keep-state setup    # POP3
$cmd allow udp from any to any 161 keep-state          # SNMP
$cmd allow udp from any to any 27015 keep-state        # UDP 27015 (not among the services listed in the first post)


#########################################################
# Deny and Log
#########################################################

$cmd deny log ip from any to any            # everything not matched above is dropped and logged
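As an added example (not pipman's script), here is a rebuild of the same ruleset for just the services the first post listed: each inbound rule is limited to new connections to this host arriving on the external interface, and the blanket `established` rule, which matches any TCP segment with ACK or RST set whether or not a state entry exists, is dropped in favour of `check-state` alone. It assumes the external NIC is fxp0 (override with EXT_IF) and defaults IPFW to `echo`, so running it prints the ruleset for review instead of loading it.

```shell
#!/bin/sh
# Added example (not pipman's script): generate an IPFW ruleset that opens only
# the services the first post asked for, qualifies inbound rules with the external
# interface, and has no blanket 'established' rule.
# Assumptions: the external NIC is fxp0 (set EXT_IF to yours), and IPFW defaults
# to 'echo ...' so the rules are printed for review instead of being loaded.
ext_if="${EXT_IF:-fxp0}"
IPFW="${IPFW:-echo ipfw -q add}"

# Services from the original request, as proto:port tokens
# (SSH, SMTP, DNS over TCP and UDP, HTTP, POP3, SNMP).
services="tcp:22 tcp:25 tcp:53 udp:53 tcp:80 tcp:110 udp:161"

build_rules() {
    # Loopback and anti-spoofing, as in the posted ruleset (all protocols for frag).
    $IPFW allow ip from any to any via lo0
    $IPFW deny ip from any to 127.0.0.0/8
    $IPFW deny ip from 127.0.0.0/8 to any
    $IPFW deny ip from any to any frag

    # Let tracked flows pass, then create state for anything this host originates.
    # Replies come back through check-state, so no 'established' rule is needed.
    $IPFW check-state
    $IPFW allow ip from me to any out via "$ext_if" keep-state

    # One inbound rule per service: only new connections (setup) to this host's
    # own addresses (me), arriving on the external interface.
    for svc in $services; do
        proto=${svc%%:*}
        port=${svc##*:}
        if [ "$proto" = tcp ]; then
            $IPFW allow tcp from any to me "$port" in via "$ext_if" setup keep-state
        else
            $IPFW allow udp from any to me "$port" in via "$ext_if" keep-state
        fi
    done

    # Everything else is dropped and logged.
    $IPFW deny log ip from any to any
}

build_rules
```

Once the printed rules look right, run it again as root with IPFW='ipfw -q add' to load them.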
 
