Hi!
I changed the default "workstation" rules a little, and for me they look good and work, but I am not sure about rule 02700. Is it in the correct place, or should it be somewhere different? I think it doesn't work.
Thank you.
ipfw show:
Code:
00100 1 40 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any icmp6types 1
01000 0 0 allow ipv6-icmp from any to any icmp6types 2,135,136
01050 0 0 deny ip from table(1) to any
01100 0 0 check-state :default
01200 20 20598 reass ip from any to any in
01300 0 0 allow tcp from me to any established
01400 4217 3013491 allow tcp from me to any setup keep-state :default
01500 16 1544 allow udp from me to any keep-state :default
01600 0 0 allow icmp from me to any keep-state :default
01700 0 0 allow ipv6-icmp from me to any keep-state :default
01800 0 0 allow udp from 0.0.0.0 68 to 255.255.255.255 67 out
01900 0 0 allow udp from any 67 to me 68 in
02000 0 0 allow udp from any 67 to 255.255.255.255 68 in
02100 0 0 allow udp from fe80::/10 to me 546 in
02200 0 0 allow icmp from any to any icmptypes 8
02300 0 0 allow ipv6-icmp from any to any icmp6types 128,129
02400 0 0 allow icmp from any to any icmptypes 3,4,11
02500 0 0 allow ipv6-icmp from any to any icmp6types 3
02600 20 20598 count ip from any to any
02700 0 0 deny log ip from any to any out via bge0
02800 0 0 deny { tcp or udp } from any to any 135-139,445 in
02900 0 0 deny { tcp or udp } from any to any 81,113 in
03000 0 0 deny { tcp or udp } from any to any 1026,1027 in
03100 0 0 deny { tcp or udp } from any to any 1433,1434 in
03200 0 0 deny ip from any to 255.255.255.255
03300 1 36 deny ip from any to 224.0.0.0/24 in
03400 0 0 deny udp from any to any 520 in
03500 19 20562 deny tcp from any 80,443 to any 1024-65535 in
03600 0 0 deny ip from any to any frag in
65000 0 0 deny log logamount 500 ip from any to any
65535 0 0 deny ip from any to any