To: <freebsd-questions@freebsd.org>
Cc: "Paul Schmehl" <[EMAIL PROTECTED]>
Sent: Monday, February 21, 2005 8:14 PM
Subject: Re: IPFW config
Well... *ahem*... I put the above script into /etc/ipfw.rules and did "kldload ipfw.ko && sh /etc/ipfw.rules". I lost connectivity to the server.
Geez, I thought you learned from the first time....
>Did the above script only open those ports to localhost or
something?
It was meant to be an example for you to work from. It's taken from a working example that I use on several servers, altered to meet the requirements you gave in your post.
First of all, you should *never* work on a firewall config remotely. Secondly, the expectation is that you will take information give here and use it with a grain of salt.
Try this. Sitting at the console in front of the computer, enable the firewall:
% ipfw enable firewall
This will block all access to the computer.
Now type this at the command line:
% ipfw add allow tcp from any to (type in the computer's IP address here) ssh
Now ssh to some other computer that you have access to and back to this computer and see if you don't get in. (Note that the assumption is that you have not yet configured /etc/hosts.allow to deny access from the computer you're ssh'ing back to this computer from.)
Look at the /etc/rc.firewall script. Read man ipfw carefully. Don't forget that you must enable the firewall in the /etc/rc.conf file, but you must *also* define what *type* of firewall it is.
Here's an example: firewall_enable="YES" firewall_logging_enable="YES" firewall_quiet="NO" firewall_script="/etc/rc.firewall" firewall_type="CLIENT"
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
