rc.firewall (15027) | rc.firewall (15210) |
---|---|
1############ 2# Setup system for firewall service. | 1############ 2# Setup system for firewall service. |
3# $Id$ | 3# $Id: rc.firewall,v 1.1 1996/04/03 17:13:58 phk Exp $ |
4 5############ 6# 7# >>Warning<< 8# This file is not very old yet, and have been put together without much 9# test of the contents. 10 11############ 12# 13# If you don't know enough about packet filtering, we suggest that you 14# take time to read this book: 15# | 4 5############ 6# 7# >>Warning<< 8# This file is not very old yet, and have been put together without much 9# test of the contents. 10 11############ 12# 13# If you don't know enough about packet filtering, we suggest that you 14# take time to read this book: 15# |
16# Building Internet Firewalls 17# Brent Chapman and Elizabeth Zwicky 18# 19# O'Reilly & Associates, Inc 20# ISBN 1-56592-124-0 21# 22# For a more advanced treatment of Internet Security read: 23# |
|
16# Firewalls & Internet Security 17# Repelling the wily hacker 18# William R. Cheswick, Steven M. Bellowin 19# 20# Addison-Wesley 21# ISBN 0-201-6337-4 22# 23 --- 21 unchanged lines hidden (view full) --- 45 mask="255.255.255.0" 46 ip="192.168.4.17" 47 48 # Allow any traffic to or from my own net. 49 /sbin/ipfw add pass all from ${ip} to ${net}:${mask} 50 /sbin/ipfw add pass all from ${net}:${mask} to ${ip} 51 52 # Allow TCP through if setup succeeded | 24# Firewalls & Internet Security 25# Repelling the wily hacker 26# William R. Cheswick, Steven M. Bellowin 27# 28# Addison-Wesley 29# ISBN 0-201-6337-4 30# 31 --- 21 unchanged lines hidden (view full) --- 53 mask="255.255.255.0" 54 ip="192.168.4.17" 55 56 # Allow any traffic to or from my own net. 57 /sbin/ipfw add pass all from ${ip} to ${net}:${mask} 58 /sbin/ipfw add pass all from ${net}:${mask} to ${ip} 59 60 # Allow TCP through if setup succeeded |
53 /sbin/ipfw add deny tcp from any to any established | 61 /sbin/ipfw add pass tcp from any to any established |
54 55 # Allow setup of incoming email 56 /sbin/ipfw add pass tcp from any to ${ip} 25 setup 57 58 # Allow setup of outgoing TCP connections only 59 /sbin/ipfw add pass tcp from ${ip} to any setup 60 61 # Disallow setup of all other TCP connections --- 36 unchanged lines hidden (view full) --- 98 /sbin/ipfw add deny all from ${onet}:${omask} to any in via ${iif} 99 100 # Stop RFC1918 nets on the outside interface 101 /sbin/ipfw add deny all from 192.168.0.0:255.255.0.0 to any via ${oif} 102 /sbin/ipfw add deny all from 172.16.0.0:255.240.0.0 to any via ${oif} 103 /sbin/ipfw add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} 104 105 # Allow TCP through if setup succeeded | 62 63 # Allow setup of incoming email 64 /sbin/ipfw add pass tcp from any to ${ip} 25 setup 65 66 # Allow setup of outgoing TCP connections only 67 /sbin/ipfw add pass tcp from ${ip} to any setup 68 69 # Disallow setup of all other TCP connections --- 36 unchanged lines hidden (view full) --- 106 /sbin/ipfw add deny all from ${onet}:${omask} to any in via ${iif} 107 108 # Stop RFC1918 nets on the outside interface 109 /sbin/ipfw add deny all from 192.168.0.0:255.255.0.0 to any via ${oif} 110 /sbin/ipfw add deny all from 172.16.0.0:255.240.0.0 to any via ${oif} 111 /sbin/ipfw add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} 112 113 # Allow TCP through if setup succeeded |
106 /sbin/ipfw add deny tcp from any to any established | 114 /sbin/ipfw add pass tcp from any to any established |
107 108 # Allow setup of incoming email 109 /sbin/ipfw add pass tcp from any to ${oip} 25 setup 110 111 # Allow access to our DNS 112 /sbin/ipfw add pass tcp from any to ${oip} 53 setup 113 114 # Allow access to our WWW --- 19 unchanged lines hidden --- | 115 116 # Allow setup of incoming email 117 /sbin/ipfw add pass tcp from any to ${oip} 25 setup 118 119 # Allow access to our DNS 120 /sbin/ipfw add pass tcp from any to ${oip} 53 setup 121 122 # Allow access to our WWW --- 19 unchanged lines hidden --- |
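Review bot: In the reading-list comment at new lines 16-23, the added Chapman and Zwicky entry sits directly above the existing Cheswick entry, which spells the second author "Bellowin" and gives ISBN 0-201-6337-4 with only nine digits. Since this change already edits the block, correct the author name to Bellovin and re-check the ISBN against the book so that both references can be looked up.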
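Review bot: At new line 61, `pass tcp from any to any established` is not tied to the `setup` rules that follow it: ipfw's `established` keyword matches any TCP segment with the ACK or RST bit set, so the comment "Allow TCP through if setup succeeded" promises more than the rule checks. Changing deny to pass is correct, since the old line dropped the return traffic of every connection the later `setup` rules admit, but reword the comment to say the match is on flags only, and consider restricting the rule to `${ip}` as the neighbouring `setup` rules do instead of `any to any`.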
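Review bot: At new line 114, `pass tcp from any to any established` carries no `via` qualifier, so in this two-interface configuration it accepts ACK-flagged segments on both `${oif}` and `${iif}`, and it relies on the `${onet}` and RFC1918 denies at new lines 106-111 being evaluated first. Add a comment stating that this rule must stay below the anti-spoofing block, so that a later reordering does not pass flagged packets with forged source addresses.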