I am trying to set up an ipfw-based firewall on my FreeBSD 8.3 server. Here is the rules listing (where re0 is the public interface):
Code:
root@c:/etc# ipfw list
00010 allow ip from any to any via lo0
00015 deny ip from any to 127.0.0.0/8
00020 deny ip from 127.0.0.0/8 to any
00030 allow ip from any to any via tun0
00035 allow udp from 83.64.XXX.XXX to me dst-port 1194 in recv re0 keep-state
00050 check-state
00070 allow icmp from any to any
00080 deny ip from me to me in recv re0
00085 deny tcp from any to any frag
00098 allow tcp from me to 83.64.XXX.XXX out established keep-state
00099 allow tcp from 83.64.XXX.XXX to me dst-port 22 in setup keep-state
00100 allow tcp from any to any dst-port 22 in setup keep-state
00110 allow tcp from any to any dst-port 22 out setup keep-state
00160 allow tcp from any to any dst-port 25 out setup keep-state
00180 allow tcp from any to any dst-port 53 out setup keep-state
00185 allow udp from any to any dst-port 53 out keep-state
00250 allow udp from any to any dst-port 123 out keep-state
00300 allow tcp from any to any dst-port 3690 in setup keep-state
00350 allow tcp from any to any dst-port 143,993 in setup keep-state
00500 allow tcp from any to any dst-port 8282-8283 in setup keep-state
00999 deny ip from any to any
65535 deny ip from any to any
So I have not allowed incoming HTTP(S) traffic here in order to test whether the firewall is working/blocking correctly. However, I can access the web server running on that machine fine.
Any ideas what I am missing here?