Solved Help needed to allow incoming ssh, samba, from local network only

I have ipfw on my laptop, started with the following lines in my /etc/rc.conf
Code:
firewall_enable="YES"
firewall_type="workstation"
I wish to set up a similar firewall on my home server, but here I need incoming connections to ssh and samba. Can I do this by adding the following line? The Handbook does not seem to suggest this method, but I saw this suggestion in another thread here.
Code:
firewall_myservices="22/tcp 445/tcp"
I have also seen the suggestion in another thread to use my own script, /etc/ipfw.rules. Which method is recommended? Also, can I limit the incoming connections to only computers within my home network? Any help would be appreciated.
 
If you start having a lot of rules you need (hard to say a specific number), having your own ipfw.rules file is easier.
To allow your internal net, use something like this in /etc/rc.conf:
firewall_allowservices="192.168.251.11"
That is for a single host; you may be able to use CIDR notation like 192.168.151.0/24 (not sure; you should be able to look at the script files and figure that out).
I'm not sure what ports Samba uses but in general the syntax you have should be correct.
 
Thanks, mer. I was unsure about the syntax as the Handbook does not seem to prescribe these commands. I will look into using CIDR notation as you recommended.
 
mer, just to update that I have used CIDR notation as you suggested and it seems to work fine; thanks. I am able to ssh to the server and I can see the following in the ipfw list output.
Code:
02500 allow tcp from 192.168.1.0/24 to me 22
02600 allow tcp from 192.168.1.0/24 to me 445
 
Awesome. I thought that would work, but since I've not had a need to personally try it, was not 100% sure.
But now we have confirmation; thanks for updating us.

It's always good to see the rules exactly how they expand, which you did with ipfw rules (pfctl -sr is the PF equivalent).
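Added example, not part of the thread or of FreeBSD's own scripts: a small check that reads `ipfw list` output and confirms each service port is allowed only from the LAN prefix, in the rule shape shown above. The function names `audit_ipfw_services` and `sample_rules` are hypothetical, rule 02700 in the sample is constructed, and the check only looks at `allow tcp ... to me` rules without modelling rule order or deny rules.

```shell
#!/bin/sh
# Usage on the server: ipfw list | audit_ipfw_services 192.168.1.0/24 22 445
# Prints one line per port: OK, EXPOSED (allowed from a source other than
# the LAN prefix) or MISSING. Returns 0 only if every port is OK.
audit_ipfw_services() {
    lan="$1"; shift
    awk -v lan="$lan" -v ports="$*" '
    BEGIN { n = split(ports, want, " ") }
    # Rule shape from the thread: NUM allow tcp from SRC to me PORT
    $2 == "allow" && $3 == "tcp" && $4 == "from" && $6 == "to" && $7 == "me" {
        # Some ipfw versions print "dst-port" before the port list.
        p = ($8 == "dst-port") ? $9 : $8
        m = split(p, list, ",")
        for (i = 1; i <= m; i++) {
            if ($5 == lan) ok[list[i]] = 1
            else bad[list[i]] = bad[list[i]] " " $5
        }
    }
    END {
        rc = 0
        for (i = 1; i <= n; i++) {
            port = want[i]
            if (port in bad)     { print port ": EXPOSED from" bad[port]; rc = 1 }
            else if (port in ok) { print port ": OK (" lan " only)" }
            else                 { print port ": MISSING"; rc = 1 }
        }
        exit rc
    }'
}

# Constructed sample: the two rules from the thread plus one constructed
# rule (02700) that is open to any source.
sample_rules() {
    cat <<'EOF'
02500 allow tcp from 192.168.1.0/24 to me 22
02600 allow tcp from 192.168.1.0/24 to me 445
02700 allow tcp from any to me 80
EOF
}

# Demo run against the sample; port 80 is reported as EXPOSED.
sample_rules | audit_ipfw_services 192.168.1.0/24 22 445 80 || true
```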