Configuration..

[luzzo]

Hi, I have some doubts about ipfw configuration. I want to configure the configuration of ipfw with these parameters:
- all connections on 11097 allowed only from 109.236.84.29 and 5.135.164.69

What is the right syntax?

 

[luzzo]

Or if this enables you to better help me:

- deny all connection on 11097 except 109.236.84.29 and 5.135.164.69

 

[throAU]

Seriously, you are best off learning the ipfw configuration format for yourself, rather than relying on strangers on the internet to write your rules for you, so that you understand what is going on.

You can learn how to configure the firewall using the directions from the handbook

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

 

[luzzo]

I have already read IPFW configuration. I just want to be sure that is the right configuration and syntax.

Those are my rules, are they right?

IPF="ipfw -q add"
ipfw -q -f flush


$IPF 500 allow all from any to any
$IPF 1 allow all from 109.236.84.29 to any
$IPF 2 allow all from 46.28.203.193 to any
$IPF 3 denay all from all to any



$IPF 10 allow all from any to any via lo0



$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

$IPF 90 add deny all from 1.541.605.760 to any
$IPF 100 add deny all from 330.321.408 to any 
$IPF 110 add deny all from 112.239.104 to any
$IPF 120 add deny all from 1.024 to any 

##################################################

 

[SirDice]

I just want to be sure that is the right configuration and syntax.

That's why man pages exist; ipfw(8).

$IPF 90 add deny all from 1.541.605.760 to any
$IPF 100 add deny all from 330.321.408 to any 
$IPF 110 add deny all from 112.239.104 to any
$IPF 120 add deny all from 1.024 to any

I suggest you lookup how an IP address should look like. None of these are valid.

 

[luzzo]

That's why man pages exist; ipfw(8).



I suggest you lookup how an IP address should look like. None of these are valid.

Thanks to you, the rest of the syntax is correct? This customization allows only 109.236.84.29 and 46.28.203.193 and denies all other connections?

 

[luzzo]

I tried to set rules in this way..

IPF="ipfw -q add"
ipfw -q -f flush


$IPF 1 allow all from 109.236.84.29 to any
$IPF 2 allow all from 46.28.203.193 to any
$IPF 3 allow all from 127.0.0.1 to any
$IPF 4 allow all from any to any 22 
$IPF 5 allow all from any to any 12000 out
$IPF 6 allow all from any to any 14001 out
$IPF 7 deny all from any to any

$IPF 500 allow all from any to any  
$IPF 10 allow all from any to any via lo0
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

##################################################

but there are some errors because ssh answers just with id input and not with password one.

Can someone help me?

 

[SirDice]

What are port 12000 and 14001 for?

 

[luzzo]

For Teamspeak.

 

[luzzo]

I want to allow connection just for one IP that is 46.28.203.193.

I have first of all to allow connection from IP server that is 109.236.84.29.

And I want to allow connection on port 22 my IP that is 82.59.189.23.


I have set these rules but I think that there are something wrong..

IPF="ipfw -q add"
ipfw -q -f flush

$IPF 1 deny all from { 112.239.104 or not 109.236.84.29 or not 46.28.203.193 
or not 127.0.0.1 or not 82.59.189.23 } to any
$IPF 10 allow all from any to any via lo0
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
$IPF 81 deny all from all to any

##################################################

Is it the right syntax?
Is it the right order?

Thank you for help.

Luzzo