Hello,
I'm a FreeBSD Newbie.. I have a VPS, from a hosting provider. I'm using IPFW as my firewall system... I have the following firewall rules.. I want to know if the rules are ok, of if there are any loopholes in it.
everything seems to be working.. Just wanted to get a second opinion on this.
-Thanks in Advance
Vijay
PS: I'm a Linux system admin (with 10+ yrs exp)... I'm just new to FreeBSD...
EDIT: the system has a single NIC(xn0) connected to internet with a public IPv4 & IPv6 addresses .
I'm a FreeBSD Newbie.. I have a VPS, from a hosting provider. I'm using IPFW as my firewall system... I have the following firewall rules.. I want to know if the rules are ok, of if there are any loopholes in it.
everything seems to be working.. Just wanted to get a second opinion on this.
Code:
#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
pif="xn0" # interface name of NIC attached to Internet
# No restrictions on Loopback Interface
$cmd 00010 allow all from any to any via lo0
$cmd 00101 check-state #to check dynamic rules table
##Enable all outbound connections
$cmd 00101 allow all from any to any out keep-state
###############INBOUND RULES#############3
#Enable ssh to port 1234
$cmd 00501 allow tcp from any to any 1234 via $pif keep-state
#Allow Dhcp
$cmd 0502 allow udp from any 67 to 255.255.255.255 68 in
#Allow xxxxx-host (x.x.x.x) to access all port
$cmd 00501 allow all from x.x.x.x to any via $pif keep-state
###IPv6 RULES
##Allow all outbound
$cmd 00601 allow ip6 from any to any out keep-state
##Allow inbound icmp6
$cmd 00602 allow ipv6-icmp from any to any keep-state
##Allow ssh to port 1234
$cmd 00603 allow ip6 from any to any 1234 in via $pif keep-state
##Deny All other ports
$cmd 00999 deny all from any to any-Thanks in Advance
Vijay
PS: I'm a Linux system admin (with 10+ yrs exp)... I'm just new to FreeBSD...
EDIT: the system has a single NIC(xn0) connected to internet with a public IPv4 & IPv6 addresses .