rigoletto@
Developer
Hi,
I am moving from PF to IPFW (I have never used it before), but I am experiencing some problems with the syntax or something.
/etc/rc.conf
Code:
firewall_enable="YES"
firewall_type="/etc/ipfw.sh"
/etc/ipfw.sh
Code:
#!/bin/sh
# set variables
ext_if='10.0.0.10'
#
# flush existing rules
ipfw -q flush
# insert tables
ipfw table 1 add 10.0.0.0/22
# allow established connections
ipfw add 1 check-state
# allow loopback traffic
ipfw add 2 allow all from any to any via lo0
# allow previously established TCP connections
ipfw add 3 allow tcp from any to any established
# reassemble incoming fragmented packets
ipfw add 4 reass all from any to any in
#
# allow all traffic going out
ipfw add 100 set 1 allow udp from $ext_if to any out keep-state
ipfw add 101 set 1 allow tcp from $ext_if to any out setup keep-state
#
# allow private TCP IN
ipfw add 200 set 1 allow tcp from 'table(1)' to $ext_if 80 in setup keep-state
ipfw add 201 set 1 allow tcp from 'table(1)' to $ext_if 6600 in setup keep-state
ipfw add 202 set 1 allow tcp from 'table(1)' to $ext_if 22000 in setup keep-state
# allow public TCP IN
ipfw add 300 set 1 allow tcp from any to $ext_if 62820 in setup keep-state
#
# allow public UDP IN
ipfw add 500 set 1 allow udp from any to $ext_if 62820 in setup keep-state
#
# allow common ICMP types in and out
ipfw add 600 set 1 allow icmp from $ext_if to any icmptypes 0,3
ipfw add 601 set 1 allow icmp from any to $ext_if icmptypes 0,3
#
# deny everything else coming in
ipfw add 999 set 1 deny all from any to any
So this script gives this output:
Code:
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
Line 4: bad command `ext_if='10.0.0.10''
Firewall rules loaded.
If I remove this variable "ext_if='10.0.0.10'", another bad command error appears on some other rule.
Could someone please review these rules? I can't find the real offender.
Thanks!
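Added example (not part of rigoletto@'s post or of FreeBSD's rc scripts): rc.conf(5) offers two different hooks for a custom ruleset. `firewall_type="/path"` makes rc.firewall hand the file to ipfw(8) as a rules file (one rule per line, `#` comments, no shell syntax), whereas `firewall_script="/path"` runs the file with /bin/sh. The lint below is conservative: it flags every line that is not a comment or a plain rule-argument line, so a shell-style script pointed at by firewall_type is caught before a reboot. File names, addresses and sample rules are constructed.

```shell
# Added example (not from the original post). rc.conf(5) has two hooks:
# firewall_type="/path" makes rc.firewall feed the file to ipfw(8) as a rules
# file (one rule per line, "#" comments, no shell), while firewall_script="/path"
# runs it with /bin/sh. This lint flags lines that only make sense under /bin/sh.

# lint_ipfw_rules FILE: print "LINE: reason" per offending line;
# return 1 if any were found, 0 if FILE is a clean rules file.
lint_ipfw_rules() {
    _found=0; _n=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        _t=${_line#"${_line%%[![:space:]]*}"}   # drop leading whitespace
        case "$_t" in
            ''|'#'*) ;;                        # blank/comment: ipfw skips it
            ipfw|ipfw\ *) echo "$_n: leading 'ipfw' (a rules file holds only the arguments, e.g. 'add ...')"; _found=1 ;;
            *'$'*)        echo "$_n: shell variable expansion (ipfw does not expand it)"; _found=1 ;;
            [A-Za-z_]*=*)                      # assignment, unless '=' sits inside a rule
                case "${_t%%=*}" in
                    *[!A-Za-z0-9_]*) ;;
                    *) echo "$_n: shell variable assignment"; _found=1 ;;
                esac ;;
        esac
    done < "$1"
    return $_found
}

# Constructed sample in the shape of the posted /etc/ipfw.sh (addresses made up).
write_shell_style_ruleset() {
    cat > "$1" <<'EOF'
#!/bin/sh
ext_if='192.0.2.10'
ipfw -q flush
ipfw add 100 allow tcp from any to $ext_if 22 in setup keep-state
EOF
}
# Same policy as a rules file, the form firewall_type="/etc/ipfw.rules" expects.
write_rules_file() {
    cat > "$1" <<'EOF'
# one rule per line; rc.firewall flushes before loading this file
add 100 allow tcp from any to 192.0.2.10 22 in setup keep-state
EOF
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
write_shell_style_ruleset "$d/ipfw.sh"; write_rules_file "$d/ipfw.rules"
for f in "$d/ipfw.sh" "$d/ipfw.rules"; do
    echo "== $f"
    lint_ipfw_rules "$f" && echo "   usable with firewall_type" ||
        echo "   not a rules file: point firewall_script at it, or rewrite it as rules"
done
```

Run it against a candidate file before changing rc.conf; a clean result means firewall_type can load it, any finding means the file needs firewall_script (or a rewrite into rule lines).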