http://www.cyberciti.biz/faq/howto-setup-freebsd-ipfw-firewall/
I added this to /etc/rc.conf:
# /etc/rc.conf fragment: start ipfw at boot, load the ruleset from the
# custom script below (rather than a built-in rc.firewall profile), and
# enable firewall logging so that rules carrying the "log" keyword in that
# script are actually recorded.
firewall_enable=YES
firewall_script=/usr/local/etc/ipfw.rules
firewall_logging=YES
I store my firewall rules in
/usr/local/etc/ipfw.rules
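#!/bin/sh
# /usr/local/etc/ipfw.rules -- ipfw ruleset, loaded at boot through
# firewall_script in /etc/rc.conf or by hand with:
#   sh /usr/local/etc/ipfw.rules
#
# ipfw evaluates rules in ascending number order and the first match wins,
# so the order of the sections below *is* the policy. The existing ruleset
# is flushed first; between the flush and the first add only the kernel's
# default rule is in effect, which matters when reloading over a remote
# session.

# Addresses that bypass the whole policy "while testing" (rules 1-4 and
# 310-321). Rules 1-4 allow ALL traffic from these hosts before every deny
# below -- including the SSH blocklist (121-128) and the final logging deny
# (500) -- so nothing from them is filtered or logged, and rules 310-321 are
# redundant with them. Remove the testing rules once testing is finished.
TEST_HOST1=222.222.222.187   # "xxx" in the original notes
TEST_HOST2=222.222.222.42    # server.xxxx.com.au

# Add one rule; all arguments are passed through to ipfw unchanged.
add_rule() {
  ipfw -q add "$@"
}

ipfw -q -f flush

# testing: unconditional allow for the two test hosts (see note above)
add_rule 1 allow all from "$TEST_HOST1" to any in
add_rule 2 allow all from "$TEST_HOST2" to any in
add_rule 3 allow all from "$TEST_HOST1" to any out
add_rule 4 allow all from "$TEST_HOST2" to any out

# loopback: allow lo0, reject 127/8 addresses seen anywhere else
add_rule 10 allow all from any to any via lo0
add_rule 20 deny all from any to 127.0.0.0/8
add_rule 30 deny all from 127.0.0.0/8 to any
# drop TCP fragments
add_rule 40 deny tcp from any to any frag

# stateful
# Rule 60 accepts any TCP segment with the ACK or RST bit set, from any
# source, and sits before the SSH deny list (121-128); those denies
# therefore only ever see connection attempts (SYN), and ACK-flagged probes
# from the listed ranges are accepted here. Its benefit is that sessions
# survive a reload of this script; if that is not needed, consider relying
# on check-state/keep-state alone.
# Rule 70 allows every outbound packet and creates dynamic state for the
# replies, so the outbound halves of the 400-404 denies below never match.
add_rule 50 check-state
add_rule 60 allow tcp from any to any established
add_rule 70 allow all from any to any out keep-state
# all ICMP, both directions
add_rule 80 allow icmp from any to any

# open ports: ftp (20,21), ssh (22), mail (25), dns (53), http (80), etc.
add_rule 110 allow tcp from any to any 21 in
add_rule 111 allow tcp from any to any 21 out
add_rule 112 allow tcp from any to any 20 in
add_rule 113 allow tcp from any to any 20 out

# block known SSH attackers (inbound only; must stay below 130)
add_rule 121 deny tcp from 211.78.162.171 to any 22 in
add_rule 122 deny tcp from 202.146.0.0/16 to any 22 in
add_rule 123 deny tcp from 213.202.0.0/16 to any 22 in
add_rule 124 deny tcp from 61.16.0.0/16 to any 22 in
add_rule 125 deny tcp from 218.56.0.0/16 to any 22 in
add_rule 126 deny tcp from 122.224.0.0/16 to any 22 in
add_rule 127 deny tcp from 58.68.0.0/16 to any 22 in
add_rule 128 deny tcp from 201.17.0.0/16 to any 22 in
add_rule 130 allow tcp from any to any 22 in
add_rule 140 allow tcp from any to any 22 out
add_rule 150 allow tcp from any to any 25 in
add_rule 160 allow tcp from any to any 25 out
add_rule 170 allow udp from any to any 53 in
add_rule 175 allow tcp from any to any 53 in
add_rule 180 allow udp from any to any 53 out
add_rule 185 allow tcp from any to any 53 out
add_rule 200 allow tcp from any to any 80 in
add_rule 210 allow tcp from any to any 80 out

# smtps (465), submission (587), imap (143)
add_rule 220 allow tcp from any to any 465 in
add_rule 221 allow tcp from any to any 465 out
add_rule 222 allow tcp from any to any 587 in
add_rule 223 allow tcp from any to any 587 out
add_rule 224 allow tcp from any to any 143 in
add_rule 225 allow tcp from any to any 143 out
# pop3s (995), pop3 (110)
add_rule 230 allow tcp from any to any 995 in
add_rule 231 allow tcp from any to any 995 out
add_rule 232 allow tcp from any to any 110 in
add_rule 233 allow tcp from any to any 110 out
# https
add_rule 240 allow tcp from any to any 443 in
add_rule 241 allow tcp from any to any 443 out

# allow from the test hosts while testing -- already covered by rules 1-4
add_rule 310 allow tcp from "$TEST_HOST1" to any in
add_rule 311 allow tcp from "$TEST_HOST1" to any out
add_rule 320 allow tcp from "$TEST_HOST2" to any in
add_rule 321 allow tcp from "$TEST_HOST2" to any out

# deny who (udp 513) and rlogin (tcp 513); see the note at rule 70 about
# the outbound direction
add_rule 400 deny tcp from any to any 513
add_rule 401 deny udp from any to any 513
# NetBIOS datagram (138) and name service (137)
add_rule 402 deny udp from any to any 138
add_rule 403 deny tcp from any to any 137
add_rule 404 deny udp from any to any 137

# deny and log everything else (logging needs firewall_logging="YES" in
# /etc/rc.conf)
add_rule 500 deny log all from any to any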
To start the firewall, run:
sh /usr/local/etc/ipfw.rules