ipfw

From: William J. Borskey (wborskey@hotmail.com)
Date: 05/05/02


From: "William J. Borskey" <wborskey@hotmail.com>
To: security@freebsd.org
Date: Sat, 04 May 2002 20:36:52 -0700


is it possible to write rules for ipfw using ethernet addresses instead of
ip addresses?

ipfw -q -f flush
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00220 deny log ip to me 22 from any in
ipfw -q add 00100 allow ip from any to any
ipfw -q add 00225 deny log tcp from any to any in tcpflags syn,fin
ipfw -q add 00230 check-state
ipfw -q add 00235 deny tcp from any to any in established
ipfw -q add 00240 allow ip from any to any out keep-state
ipfw -q add 00250 deny tcp from any to any 6000
ipfw -q add 00900 deny log ip from any to any

and is this ok to block everything except ssh?

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: too many dynamic rules
    ... I myself use ipf/ipnat so I'm not so familliar with ipfw ruleset, ... > add 00202 deny log all from any to 10.0.0.0/8 ... > add 00600 allow icmp from any to any icmptypes 3 ...
    (FreeBSD-Security)
  • Re: Whats the point of not allowing all outgoing traffic by default?
    ... Outbound traffic is normally disallowed by default, and you have to setup an explicit rule that you want it. ... ipfw add 3 deny log ip from any to me out ... ipfw add 9 deny log tcp from me to any smtp out ...
    (comp.security.firewalls)
  • Re: ipfw subnetting
    ... ipfw add allow ip from any to any via lo0 ... ipfw add deny log ip from 180.0.0.0/8 to any in recv $ext_if ... ipfw add check-state ...
    (freebsd-questions)
  • Re: IPFW Problems
    ... I doing this over an SSH connection, ... there seems to be something odd with ipfw. ... ipfw add 00299 deny log all from any to any out via bge0 ... ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit ...
    (freebsd-questions)
  • Re: ipfw configuration to connect to localhost
    ... listeners on your box, are they bound to *, or just to on ... Use ipfw show to display more accurate information about ... on the lo0 rule? ... ipfw 65500 deny log ip from any to any via lo0 ...
    (comp.security.unix)