On Mon, Nov 25, 2002 at 08:57:15PM -0500, Phierce wrote:
From: "Phierce" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: IPFW Help
Date: Mon, 25 Nov 2002 20:57:15 -0500
Hello All,
New to the FreeBSD OS, but learning... having some trouble with IPFW.
Below is what it looks like. I can sh rc.firewall with no errors, but yet my
root account is still unable to ping out; I receive permission denied.
Wondering if anyone could help me out.
How did you run the script? I suppose you forgot the parameter and in rc.conf
firewall_type is not set.
# sh /etc/rc.firewall custom
or
in /etc/rc.conf
firewall_type="custom"
#
# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
    if [ -r /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
        source_rc_confs
    elif [ -r /etc/rc.conf ]; then
        . /etc/rc.conf
    fi
fi
#
# A command-line argument (e.g. "sh /etc/rc.firewall custom") overrides
# firewall_type from rc.conf; if neither is set, no case branch below matches.
if [ -n "${1}" ]; then
    firewall_type="${1}"
fi
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
    fwcmd="/sbin/ipfw -q"
    ;;
*)
    fwcmd="/sbin/ipfw"
    ;;
esac
#######################################################
# Flush out the list before we begin.
#
${fwcmd} -f flush
case ${firewall_type} in
[Cc][Uu][Ss][Tt][Oo][Mm])
    # set these to your network, netmask and ip (net and mask are not used below)
    net="192.168.1.1"
    mask="255.255.255.0"
    ip="192.168.1.10"
    # Deny all fragments as bogus packets
    ${fwcmd} add 00100 deny log all from any to any frag
    # Allow loopback traffic, and deny anything else claiming a 127/8 address.
    ${fwcmd} add 00200 allow all from any to any via lo0
    ${fwcmd} add 00300 deny log ip from any to 127.0.0.1/8
    # Allow the high (ephemeral) TCP and UDP ports in and out.
    ${fwcmd} add 00400 allow tcp from any to any 32000-65535
    ${fwcmd} add 00500 allow udp from any to any 32000-65535
    # Allow TCP through if setup succeeded
    ${fwcmd} add 00600 allow tcp from any to any established
    # Allow access to FTPD (control port, plus active-mode data from port 20)
    ${fwcmd} add 00700 allow tcp from any to ${ip} 21
    ${fwcmd} add 00800 allow tcp from any 20 to any 1024-49151 out
    # Allow access to OPENSSH
    ${fwcmd} add 00900 allow tcp from any to ${ip} 22
    # Allow access to SENDMAIL
    ${fwcmd} add 01000 allow tcp from any to any 25
    # Allow access to BIND (note: these two rules pass all UDP to and from
    # ${ip}, not just port 53)
    ${fwcmd} add 01100 allow udp from ${ip} to any
    ${fwcmd} add 01200 allow udp from any to ${ip}
    # Allow access to FINGER
    ${fwcmd} add 01300 allow tcp from any to any 79
    # Allow access to HTTP
    ${fwcmd} add 01400 allow tcp from any to any 80
    # Allow access to POP3
    ${fwcmd} add 01500 allow tcp from any to any 110
    # Allow access to IDENT
    ${fwcmd} add 01600 allow tcp from any to any 113
    ${fwcmd} add 01700 allow udp from any to any 113
    # Allow access to IMAP
    ${fwcmd} add 01800 allow tcp from any to any 143
    # Allow access to HTTPS
    ${fwcmd} add 01900 allow tcp from any to any 443
    # UDP 512 (biff/comsat) and 520 (RIP); mail submission is 587/tcp, not these
    ${fwcmd} add 02000 allow udp from any to any 512
    ${fwcmd} add 02100 allow udp from any to any 520
    # Allow access to IRC
    ${fwcmd} add 02200 allow tcp from any to any 6667
    ${fwcmd} add 02300 allow tcp from any to any 6668
    ${fwcmd} add 02400 allow tcp from any to any 6669
    # Extended account access (replace USERNAME with the real login name)
    ${fwcmd} add 02500 allow all from any to any uid USERNAME
    ${fwcmd} add 02600 allow icmp from any to any uid USERNAME
    ${fwcmd} add 02700 allow tcp from any to any uid USERNAME
    ${fwcmd} add 02800 allow icmp from any to any uid USERNAME
    # root access non-restrictive
    ${fwcmd} add 02900 allow all from any to any uid root
    ${fwcmd} add 03000 allow icmp from any to any uid root
    # lastly we deny everything by default here as well as in the kernel.
    ${fwcmd} add 03100 deny log all from any to any
    ;;
esac
Thanks
-Zack
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
--
Regards,
D. Penev
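The reply's point (pass the type as an argument, or set firewall_type in rc.conf) as an added example that is not part of the original thread: a dry run of rc.firewall's dispatch with a stand-in fwcmd that counts rules instead of loading them, driven by a constructed rc.conf. The names resolve_firewall_type, load_rules, check_firewall and rule_count are invented here.

```shell
#!/bin/sh
# Added example (not from the mail): resolve firewall_type the way
# rc.firewall does (argument overrides rc.conf) and count the rules that
# would load; an unset type leaves only the flush, so the kernel default applies.

# Stand-in for /sbin/ipfw: echoes each command instead of loading it and
# counts "add" commands in the global rule_count.
fwcmd() {
    echo "ipfw $*"
    case $1 in add) rule_count=$((rule_count + 1)) ;; esac
}

# resolve_firewall_type RCCONF [TYPE]: prints the type rc.firewall would
# use. RCCONF is a constructed stand-in for /etc/rc.conf.
resolve_firewall_type() {
    firewall_type=""
    if [ -r "$1" ]; then . "$1"; fi
    if [ -n "$2" ]; then firewall_type="$2"; fi
    printf '%s\n' "$firewall_type"
}

# load_rules TYPE: the same case dispatch as the quoted script, with a
# shortened "custom" rule set; leaves the count in rule_count.
load_rules() {
    rule_count=0
    fwcmd -f flush
    case $1 in
    [Cc][Uu][Ss][Tt][Oo][Mm])
        fwcmd add 00100 deny log all from any to any frag
        fwcmd add 00200 allow all from any to any via lo0
        fwcmd add 03100 deny log all from any to any
        ;;
    *)
        echo "warning: firewall_type '$1' matched no branch; only the flush ran" >&2
        ;;
    esac
}

# check_firewall RCCONF [TYPE]: resolve the type, load, report the count.
check_firewall() {
    load_rules "$(resolve_firewall_type "$1" "$2")"
    echo "rules loaded: $rule_count"
}
rc=$(mktemp)                               # constructed rc.conf
printf 'firewall_type="custom"\n' >"$rc"
check_firewall "$rc" ""         # type from rc.conf: 3 rules
check_firewall /dev/null ""     # nothing set: 0 rules, kernel default decides
check_firewall /dev/null custom # like "sh /etc/rc.firewall custom": 3 rules
rm -f "$rc"
```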