[This topic has been edited to meet forum standards]
Hello guys! I'm new here; maybe this topic was already created by another member, so I apologize in advance for that. I would like some help with IPFW. I have some rules in place, but I would like to implement a "default drop" policy: basically, just accept some connections from the local network and drop everything else. What would those rules look like? By the way, I have FreeBSD 13.1 + DNS Unbound on this machine.
My Rules:
Code:
# Rules of Firewall
# $fw is assumed to be set earlier in the script, e.g. fw="/sbin/ipfw -q"
# (comments must use '#': a trailing '//' is passed to ipfw as extra
# tokens and the rule is rejected)
# Accept requests to DNS (Unbound) from localhost and the listed networks
$fw add allow tcp from 127.0.0.1 to me dst-port 53
$fw add allow udp from 127.0.0.1 to me dst-port 53
$fw add allow tcp from ::1 to me dst-port 53
$fw add allow udp from ::1 to me dst-port 53
$fw add allow tcp from fd00:0000:1::/48 to me dst-port 53   # prefix used for example
$fw add allow udp from fd00:0000:1::/48 to me dst-port 53   # prefix used for example
$fw add allow tcp from 100.65.2.0/23 to me dst-port 53
$fw add allow udp from 100.65.2.0/23 to me dst-port 53
$fw add allow tcp from 10.50.50.1 to me dst-port 53
$fw add allow udp from 10.50.50.1 to me dst-port 53
$fw add allow tcp from 192.0.2.0/24 to me dst-port 53   # prefix used for example
$fw add allow udp from 192.0.2.0/24 to me dst-port 53   # prefix used for example
# Accept requests to SSH (sshd listens on port 2250)
$fw add allow tcp from 192.168.68.10 to me dst-port 2250
$fw add allow tcp from fd00:0000:1::/48 to me dst-port 2250   # prefix used for example
$fw add allow tcp from 100.65.2.0/23 to me dst-port 2250
$fw add allow tcp from 10.50.50.1 to me dst-port 2250
$fw add allow tcp from 192.0.2.0/24 to me dst-port 2250   # prefix used for example
# Discard the others: only the listed ports are explicitly denied here;
# any other packet falls through to the kernel's default rule 65535
$fw add deny tcp from any to me dst-port 53,80,443,2250,17,19,25,137-139,161,465,587,2000
$fw add deny udp from any to me dst-port 53,17,19,25,137-139,161,465,587,2000
I would like to optimize these rules if possible.
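The rules in the post only deny a list of ports, so the fate of every other packet depends on the kernel's built-in rule 65535 (deny unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT or net.inet.ip.fw.default_to_accept is 1), and once an explicit final deny is added, Unbound's own recursive queries, their replies, loopback traffic and IPv6 neighbour discovery all need rules of their own. The script below is an added example, not the poster's ruleset and not FreeBSD's rc.firewall: it goes beyond the post by adding the loopback, check-state/keep-state, ICMP and outbound rules a default-deny policy needs. It reuses the post's placeholder prefixes and SSH port; the `fw` definition, the `dns_clients`/`ssh_clients` lists, the `lo0` interface name and the helper functions (`emit_rules`, `load_rules`, `ends_in_default_deny`, `check_state_precedes_keep_state`, `rules_for_port`) are assumptions made here.

```shell
#!/bin/sh
# Added example, not the poster's ruleset: a default-deny IPFW script for a
# FreeBSD 13.1 host running Unbound. Address prefixes and the SSH port are the
# placeholders from the post; everything else is assumed for illustration.
set -eu

fw="/sbin/ipfw -q"          # assumed: the same $fw the poster's script uses
ssh_port=2250

# Networks allowed to query Unbound (placeholders from the post)
dns_clients="100.65.2.0/23 10.50.50.1 192.0.2.0/24 fd00:0000:1::/48"
# Networks allowed to reach sshd (placeholders from the post)
ssh_clients="192.168.68.10 100.65.2.0/23 10.50.50.1 192.0.2.0/24 fd00:0000:1::/48"

rule() { printf '%s\n' "$*"; }   # one ipfw command per line

# Print the ruleset in evaluation order. Without explicit numbers ipfw assigns
# them in steps of 100, so the order here is the order packets are matched.
emit_rules() {
    rule -f flush
    # Loopback is unrestricted; loopback addresses never belong on the wire.
    rule add allow ip from any to any via lo0
    rule add deny ip from any to 127.0.0.0/8
    rule add deny ip from 127.0.0.0/8 to any
    rule add deny ip from any to ::1
    rule add deny ip from ::1 to any
    # Packets of connections already in the state table are accepted here,
    # before any rule that could create new state.
    rule add check-state
    # ICMP errors needed for path-MTU discovery, and IPv6 neighbour discovery
    # (without types 133-136 the host cannot resolve IPv6 neighbours at all).
    # Echo requests (8/128) are deliberately not opened.
    rule add allow icmp from any to any icmptypes 3,11
    rule add allow ipv6-icmp from any to any icmp6types 1,2,3,4,133,134,135,136
    # Unbound's replies to client queries: stateless, so a busy resolver does
    # not create one dynamic rule per UDP query.
    rule add allow udp from me 53 to any
    # Connections this host initiates (Unbound recursion, pkg, ntpd, ...),
    # with state so the replies match check-state above. Tighten the
    # destination ports if the host should only ever talk DNS.
    rule add allow tcp from me to any setup keep-state
    rule add allow udp from me to any keep-state
    # Inbound DNS from the allowed networks only. 'setup' matches just the
    # SYN; the rest of the TCP conversation rides on the state entry.
    for net in $dns_clients; do
        rule add allow udp from "$net" to me dst-port 53
        rule add allow tcp from "$net" to me dst-port 53 setup keep-state
    done
    # Inbound SSH on the non-default port from the allowed networks only.
    for net in $ssh_clients; do
        rule add allow tcp from "$net" to me dst-port "$ssh_port" setup keep-state
    done
    # The actual default drop: explicit and logged, so the policy does not
    # depend on how rule 65535 was compiled into the kernel.
    rule add deny log ip from any to any
}

# Load the rules through $fw one command at a time, like the poster's script.
load_rules() {
    emit_rules | while IFS= read -r r; do
        # shellcheck disable=SC2086  # word splitting into ipfw arguments is intended
        $fw $r
    done
}

# Sanity checks worth running before trusting the script on a remote host.
ends_in_default_deny() {
    [ "$(emit_rules | tail -n 1)" = "add deny log ip from any to any" ]
}
check_state_precedes_keep_state() {
    emit_rules | awk '/check-state/ { seen = 1 } /keep-state/ && !seen { exit 1 }'
}
rules_for_port() {   # number of inbound allow rules for a destination port
    emit_rules | grep -c "to me dst-port $1"
}

case "${1:-show}" in
    load) ends_in_default_deny && load_rules ;;   # needs root on FreeBSD
    *)    emit_rules ;;
esac
```

Run it without arguments to review the generated commands, and as root with `load` to install them. For boot, set `firewall_enable="YES"` and `firewall_logging="YES"` (that sets net.inet.ip.fw.verbose so the final `log` rule reaches syslog) in rc.conf and point `firewall_script` at this file; rc.d/ipfw passes `firewall_type` as the script's first argument, so `firewall_type="load"` selects the load branch. Before reloading over SSH, have console access at hand: the flush drops the existing state table, so only the `setup keep-state` rule for your source network keeps the session alive. `ipfw -d show` lists the dynamic rules afterwards, which is the quickest way to confirm that Unbound's outbound queries are creating state and client queries are not.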