Difference between revisions of "Ipfw"
From Teknologisk videncenter
m |
m (→/etc/ipfw.rules script) |
||
| Line 24: | Line 24: | ||
$cmd 00200 deny ip from any to 127.0.0.0/8 | $cmd 00200 deny ip from any to 127.0.0.0/8 | ||
$cmd 00300 deny ip from 127.0.0.0/8 to any | $cmd 00300 deny ip from 127.0.0.0/8 to any | ||
| − | $cmd 00301 deny ip from 118.175.0.0/16 to any | + | $cmd 00301 deny log ip from 118.175.0.0/16 to any #Log til /var/log/security via syslog |
| − | |||
$cmd 65000 allow ip from any to any | $cmd 65000 allow ip from any to any | ||
################### End of example ipfw rules script ############ | ################### End of example ipfw rules script ############ | ||
Revision as of 16:35, 18 November 2010
Contents
ipfw -- IP firewall and traffic shaper control program
/etc/rc.conf
#IPFW enable firewall
firewall_enable="YES"
firewall_type="open"
firewall_script="/etc/ipfw.rules"/etc/sysctl.conf
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5/etc/ipfw.rules script
############### start of example ipfw rules script #############
#http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
ipfw -q -f flush # Delete all rules
# Set defaults
oif="vr1" # out interface
cmd="ipfw -q add " # build rule prefix
ks="keep-state" # just too lazy to key this each time
$cmd 00100 allow ip from any to any via lo0
$cmd 00200 deny ip from any to 127.0.0.0/8
$cmd 00300 deny ip from 127.0.0.0/8 to any
$cmd 00301 deny log ip from 118.175.0.0/16 to any #Log til /var/log/security via syslog
$cmd 65000 allow ip from any to any
################### End of example ipfw rules script ############